Description
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
Published: 2026-03-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Immediate Patch
AI Analysis

Impact

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in Benkeen Generatedata 4.0.14. The vulnerability allows attackers to inject arbitrary SQL statements, potentially leading to unauthorized data access, modification, or deletion. This can compromise data confidentiality and integrity across the affected system.

Affected Systems

The affected system is Benkeen Generatedata version 4.0.14. No other vendor or product versions have been identified in the CVE record.

Risk and Exploitability

The CVSS score of 9.8 classifies this flaw as critical. Despite a very low EPSS probability (<1%) and absence from the CISA KEV listing, the potential for exploitation remains significant if an attacker can supply unsanitized input to the application. The vulnerability likely requires user‑provided input to generate the vulnerable SQL command, and could be exposed through any publicly accessible endpoint that constructs SQL queries without proper parameterization.

Generated by OpenCVE AI on March 17, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Benkeen GitHub repository for a newer release that addresses this SQL injection vulnerability.
  • If an updated version is available, upgrade Generatedata to that version immediately.
  • If no patch exists, audit the code that builds SQL statements and replace string concatenation with prepared statements or parameterized queries.
  • Implement strict input validation and sanitization on all user‑controlled parameters before use in SQL commands.
  • Consider disabling or restricting any functionality that accepts raw SQL input from users.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Benkeen Generatedata 4.0.14

Thu, 12 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Benkeen; Benkeen generatedata
Vendors & Products | | Benkeen; Benkeen generatedata

Wed, 11 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T13:34:00.522Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70024

Vulnrichment

Updated: 2026-03-12T13:33:50.680Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T21:16:13.213

Modified: 2026-03-12T21:08:22.643

Link: CVE-2025-70024

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:45Z
