CVE-2018-25272
CRITICAL
ELBA5 5.8.0 Remote Code Execution via Database Access
Title source: cnaDescription
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM-level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
Exploits (1)
exploitdb
WORKING POC
by Florian Bogner · python · remote · windows
https://www.exploit-db.com/exploits/45905
Scores
CVSS v3
9.8
EPSS
0.0017
EPSS Percentile
37.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-326
Status
published
Products (1)
Elba/ELBA5
5.8.0
Published
Apr 22, 2026
Tracked Since
Apr 22, 2026