Description

Acunetix detected the Database User Has Admin Privileges.
This issue has been confirmed by checking the connection privileges via an identified SQL injection vulnerability in the application.

Remediation

Create a database user with the least possible permissions for your application and connect to the database with that user. Always follow the principle of providing the least privileges for all users and applications.

References

Authorization and Permissions in SQL Server (ADO.NET)

Wikipedia - Principle of Least Privilege

How to Use MySQL GRANT to Grant Privileges to Account

Related Vulnerabilities

User controllable charset

Invision Power Board version 3.3.4 unserialize PHP code execution

WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload

WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)

Java object deserialization of user-supplied data

Severity

High

Classification

CWE-267 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Insecure Admin Access Code Execution Privilege Escalation