CVE 8.7 HIGH

SQL Injection in STER_CVE-2026-25606

May 22, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the application itself is able to access

This issue was fixed in version 9.5.

AI Analysis

SQL injection vulnerability allowing authenticated attackers to view sensitive data

Basic Information

ID CVE-2026-25606

Source CERT-PL

Published May 22, 2026 at 09:14

Affected Product

Vendor Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy

Product STER

Affected Versions Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy STER 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy

Product STER

References

{
    "lastseen": "",
    "description": "A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the application itself is able to access\n\nThis issue was fixed in version 9.5.",
    "published": "2026-05-22T09:14:40.513Z",
    "modified": "2026-05-22T09:14:40.513Z",
    "type": "cve",
    "title": "SQL Injection in STER",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/05/CVE-2026-25606\nhttps://www.ciop.pl/CIOPPortalWAR/appmanager/ciop/pl?_nfpb=true&_pageLabel=P52000165211572544981480",
    "id": "CVE-2026-25606",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Centralny Instytut Ochrony Pracy - Pa\u0144stwowy Instytut Badawczy STER 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "STER",
    "version": "0",
    "vendor": "Centralny Instytut Ochrony Pracy - Pa\u0144stwowy Instytut Badawczy",
    "ai_description": "SQL injection vulnerability allowing authenticated attackers to view sensitive data",
    "ai_severity": "High",
    "ai_vendor": "Centralny Instytut Ochrony Pracy - Pa\u0144stwowy Instytut Badawczy",
    "ai_product": "STER",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply