


Perceptive Security
SOC/SIEM Consultancy

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level…
Published:
21 April 2026 at 22:00:00
Alert date:
22 April 2026 at 17:03:04
Source:
nvd.nist.gov
Enterprise Applications, Database & Storage
ELBA5 version 5.8.0 contains a critical remote code execution vulnerability that lets attackers access the database and execute arbitrary commands with SYSTEM-level privileges. The root cause is default connector credentials that permit unauthorized database access. With that access, attackers can decrypt the database administrator password and use the xp_cmdshell stored procedure to execute system commands. They can also establish persistence by adding backdoor users to the BEDIENER table. The result is complete system compromise through the database.
Technical details
Affected products:
ELBA5
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2018-25272
https://www.elba.at
https://www.exploit-db.com/exploits/45905
https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access
This article was created with the assistance of AI technology by Perceptive.
