CVE-2018-25272

CRITICAL CVSS 9.8 View on NVD ↗

Description

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://www.elba.at
https://www.exploit-db.com/exploits/45905
https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access

Published: Apr 22, 2026 16:16 UTC Modified: Apr 22, 2026 21:23 UTC