Experts have discovered several SQL injection vulnerabilities in European Union websites, including the European Parliament and European Commission sites
Security experts Benjamin Kunz Mejri, CEO of Vulnerability Lab, and Marco Onorati have discovered a number of SQL injection vulnerabilities in the websites of the European Parliament and the European Commission.
The exploitation of the flaws in the websites of the European Parliament and the European Commission could result in the exposure of the databases used by the web services that contain sensitive user data.
The researchers already reported them to CERT-EU in May through an ethical disclosure process; the flaws will be fixed in a couple of weeks.
“We reported the bugs by the responsible disclosure program and got acknowledged for the critical vulnerabilities in a fair way by the CERT-EU team,” Kunz Mejri told SecurityWeek, which first reported the news.
The SQL injection vulnerabilities affect websites hosted on the domain “europa.eu” belonging to the European Union.
The SQL injection flaws were found in various sections of the European Commission’s website (inspire.ec.europa.eu, ec.europa.eu/growth, ec.europa.eu/social). One of the flaws affects one of the pages of the European Parliament website (europarl.europa.eu/sides/).
According to Kunz Mejri, the good news is that the vulnerabilities are difficult to exploit due to the defense measures implemented by the organization.
Kunz Mejri and the Government Laboratory organizations have already spotted other serious vulnerabilities in the systems of government organizations worldwide.
The experts will disclose the details of the vulnerabilities once they have been patched.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.