High severity8.8NVD Advisory· Published Jul 24, 2018· Updated Jun 17, 2026
CVE-2017-3183
CVE-2017-3183
Description
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sage/XRT Treasuryv5Range: 3
Patches
Vulnerability mechanics
References
2- www.kb.cert.org/vuls/id/742632nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/96477nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.