Security experts Benjamin Kunz Mejri, CEO of Vulnerability Lab, and Marco Onorati have discovered a number of SQL injection vulnerabilities in the websites of the European Parliament and the European Commission.
The exploitation of the flaws in the websites of the European Parliament and the European Commission could result in the exposure of the databases used by the web services that contain sensitive user data.
The researchers reported them to CERT-EU in May through an ethical disclosure process; the flaws will be fixed in a couple of weeks.
“We reported the bugs by the responsible disclosure program and got acknowledged for the critical vulnerabilities in a fair way by the CERT-EU team,” Kunz Mejri told SecurityWeek, which first reported the news.
The SQL injection vulnerabilities affect websites hosted on the domain “europa.eu” belonging to the European Union.
The SQL injection flaws were found in various sections of the European Commission’s website (inspire.ec.europa.eu, ec.europa.eu/growth, ec.europa.eu/social). One of the flaws affects one of the pages of the European Parliament website (europarl.europa.eu/sides/).
According to Kunz Mejri, the good news is that the vulnerabilities are difficult to exploit due to the defense measures implemented by the organization.
Kunz Mejri and the Government Laboratory organizations have already spotted other serious vulnerabilities in the systems of government organizations worldwide.
The experts will disclose the details of the vulnerabilities once they have been patched.
(Security Affairs – European Union Websites, EMC Data Domain)