The security experts Vulnerability Lab CEO Benjamin Kunz Mejri and Marco Onorati have discovered a number of SQL injection vulnerabilities in the websites of the European Parliament and the European Commission.
The exploitation of the flaws in the websites of the European Parliament and the European Commission could result in the exposure of the databases used by the web services that contain sensitive user data.
The researchers already reported them to CERT-EU in May through an ethical disclosure process, the flaw will be fixed in a couple of weeks.
“We reported the bugs by the responsible disclosure program and got acknowledged for the critical vulnerabilities in a fair way by the CERT-EU team,” Kunz Mejritold SecurityWeek that first reported the news.
The SQL injection vulnerabilities affect websites hosted on the domain “europa.eu” belonging to the European Union.
The SQL injection flaws were found in multiple various sections of the European Commission’s website (inspire.ec.europa.eu, ec.europa.eu/growth, ec.europa.eu/social). One of the flaws was discovered affecting one of the pages of the European Parliament website (europarl.europa.eu/sides/)
According to Kunz Mejri, the good news is that the vulnerabilities are difficult to exploit due to the defense measures implemented by the organization.
Kunz Mejri and the Government Laboratory organizations have already spotted other serious vulnerabilities in the systems of government organizations worldwide.
The experts will disclose the details of the vulnerabilities once they will be patched.
(Security Affairs – European Union Websites, EMC Data Domain)