Skip to main content

CVE-2025-5696: SQL Injection in Brilliance Golden Link Secondary System

Medium
VulnerabilityCVE-2025-5696cvecve-2025-5696
Published: Thu Jun 05 2025 (06/05/2025, 21:31:04 UTC)
Source: CVE Database V5
Vendor/Project: Brilliance
Product: Golden Link Secondary System

Description

A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/07/2025, 17:25:32 UTC

Technical Analysis

CVE-2025-5696 is a SQL Injection vulnerability identified in the Brilliance Golden Link Secondary System, specifically affecting versions up to 20250424. The vulnerability resides in the web application file /storagework/rentChangeCheckInfoPage.htm, where the 'clientname' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This flaw enables remote attackers to manipulate backend database queries without requiring authentication or user interaction. The vulnerability has a CVSS 4.0 base score of 5.3, indicating a medium severity level. The vector metrics show that the attack can be launched remotely (AV:N) with low attack complexity (AC:L), no privileges required (PR:L, which is low but not none), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L), suggesting partial compromise potential. The vulnerability is publicly disclosed, but no known exploits are currently observed in the wild. The SQL Injection allows attackers to potentially read or modify sensitive data in the backend database, which could lead to unauthorized data access, data corruption, or further exploitation depending on the database privileges and application logic. Given the lack of patches or mitigation links, the vulnerability remains unpatched at the time of disclosure, increasing risk for affected deployments.

Potential Impact

For European organizations using the Brilliance Golden Link Secondary System, this vulnerability poses a risk of unauthorized data access and manipulation. Since the system appears to handle rental or client information (implied by the affected page name), exploitation could lead to exposure of personal data, violating GDPR requirements and resulting in regulatory penalties. The ability to remotely exploit the vulnerability without user interaction increases the risk of automated attacks or targeted intrusions. Data integrity could be compromised, affecting business operations reliant on accurate client information. Additionally, attackers might leverage this vulnerability as a foothold to escalate privileges or move laterally within the network. The medium CVSS score reflects limited but significant impact, especially if the system is integrated with other critical infrastructure. Organizations may face reputational damage and financial losses if sensitive client data is leaked or manipulated.

Mitigation Recommendations

Specific mitigation steps include: 1) Immediate code review and sanitization of the 'clientname' parameter in /storagework/rentChangeCheckInfoPage.htm to prevent SQL Injection, employing parameterized queries or prepared statements. 2) Implement Web Application Firewalls (WAFs) with custom rules to detect and block SQL Injection patterns targeting this parameter. 3) Conduct thorough security testing, including automated and manual penetration tests focusing on input validation across the application. 4) Monitor logs for unusual database query patterns or repeated access attempts to the vulnerable endpoint. 5) Restrict database user privileges to the minimum necessary to limit the impact of potential injection. 6) If possible, isolate the Golden Link Secondary System from external networks or restrict access to trusted IP ranges until a patch is available. 7) Engage with the vendor for official patches or updates and apply them promptly once released. 8) Educate development teams on secure coding practices to prevent similar vulnerabilities in future releases.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-04T20:29:04.609Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68420f89182aa0cae2f22329

Added to database: 6/5/2025, 9:43:37 PM

Last enriched: 7/7/2025, 5:25:32 PM

Last updated: 8/12/2025, 9:31:49 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats