CVE-2017-14851
Description
A SQL injection vulnerability in Orpak SiteOmat login page allows authentication bypass, affecting all versions prior to September 25, 2017.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in the login page of Orpak SiteOmat versions prior to 2017-09-25 (versions prior to 6.4.414.084). The authentication validation process uses an insecure SELECT query that fails to properly sanitize user input, allowing an attacker to inject SQL commands [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication by submitting specially crafted input to the login form. The attack requires a low skill level, and public exploits are available [1]. The attacker manipulates the username or password fields to inject SQL code, bypassing the authentication mechanism.
Impact
Successful exploitation results in authentication bypass, granting unauthorized access to the application. This can allow viewing and editing of sensitive monitoring, configuration, and payment information, and may lead to arbitrary code execution or denial of service [1]. The CVSS v3 base score is 9.4 (Critical).
Mitigation
Orpak has addressed this vulnerability in SiteOmat version 6.4.414.084. Users should upgrade to this version or later. If upgrading is not immediately possible, apply input validation and network segmentation to mitigate risk [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Orpak/Orpak SiteOmat (source: description)
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.securityfocus.com/bid/108167 (nvd: Third Party Advisory, VDB Entry)
- ics-cert.us-cert.gov/advisories/ICSA-19-122-01 (nvd: Third Party Advisory, US Government Resource)
- www.orpak.com (nvd: Vendor Advisory)
News mentions
No linked articles in our index yet.