All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-55721
CRITICALpublished 2026-06-30 23:17 UTC · 4 days ago · modified 2026-07-01 18:17 UTC
9.2
CVSS / 10
// description
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.
// weaknesses (CWE)
- CWE-89