CVE-2025-27378— SQL Injection in AES Due to Inactive SQL Parsing Configuration
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-27378
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection in AES Due to Inactive SQL Parsing Configuration
Source: NVD (National Vulnerability Database)
Vulnerability Description
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Altium Enterprise Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Altium Enterprise Server是美国Altium公司的一款本地化数据管理服务器。 Altium Enterprise Server存在安全漏洞,该漏洞源于非活动配置阻止应用最新的SQL解析逻辑,可能导致攻击者注入并执行任意SQL查询。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-27378
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-27378
请登录查看更多情报信息。
Same Patch Batch · Altium · 2026-01-22 · 4 CVEs total
| CVE-2025-27380 | 7.6 HIGH | HTML Injection Leading to Script Execution in Altium Enterprise Server |
| CVE-2025-27379 | 6.8 MEDIUM | Stored Cross-Site Scripting in AES BOM Viewer |
| CVE-2025-27377 | 5.3 MEDIUM | Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle |
IV. Related Vulnerabilities
Same vendor: Altium
- CVE-2025-27380
HTML Injection Leading to Script Execution in Altium Enterpr - CVE-2025-27379
Stored Cross-Site Scripting in AES BOM Viewer - CVE-2025-27377
Missing Validation of Self-Signed Certificates in Altium Des - CVE-2026-1181
Altium 365 Over-Permissive CORS Configuration Allows Credent - CVE-2026-1011
Stored Cross-Site Scripting in Altium Live Support Center Co
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2025-27378
No comments yet