CVE-2026-6833
Status: Received - Intake
SQL Injection in a+HRD Allows Authenticated Data Exposure

Publication date: 2026-04-22

Last updated on: 2026-04-22

Assigner: TWCERT/CC

Description
The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-22
Generated: 2026-06-16
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor   Product  Version / Range
aenrich  a+hrd    to 7.1 (exc)
aenrich  a+hrd    From 6.8 (inc)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI-generated summary
Executive Summary

CVE-2026-6833 is a SQL Injection vulnerability in the a+HRD software developed by aEnrich, affecting versions 7.1 and earlier.

This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands into the system.

By exploiting this flaw, attackers can read the contents of the database without proper authorization.

Impact Analysis

The vulnerability impacts the confidentiality of the data stored in the a+HRD database.

An authenticated attacker can remotely inject SQL commands to read sensitive database contents.

There is no impact on data integrity or availability, but unauthorized data disclosure can lead to privacy breaches and information leakage.

Mitigation Strategies

To mitigate the CVE-2026-6833 vulnerability, it is recommended to upgrade the a+HRD software to version 6.8 or later.

Additionally, apply the latest patches provided by the vendor to address this SQL Injection vulnerability.

If needed, contact aEnrich customer service or vendor support for assistance with the upgrade and patching process.

Compliance Impact

The vulnerability allows authenticated remote attackers to inject arbitrary SQL commands and read database contents, impacting the confidentiality of data.

This breach of confidentiality could potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of sensitive personal and health information from unauthorized access.

However, the provided information does not explicitly mention compliance impacts or specific regulatory consequences.
