<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-33350 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-33350/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 30 Jan 2024 10:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-33350/feed.xml" rel="self" type="application/rss+xml"/><item><title>LORIS SQL Injection Vulnerability (CVE-2026-33350)</title><link>https://feed.craftedsignal.io/briefs/2024-01-loris-sql-injection/</link><pubDate>Tue, 30 Jan 2024 10:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-loris-sql-injection/</guid><description>A SQL injection vulnerability exists in LORIS versions prior to 27.0.3 and 28.0.1, allowing attackers to access or alter data via the MRI feedback popup window in the imaging browser.</description><content:encoded><![CDATA[<p>LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application used for data and project management in neuroimaging research. A SQL injection vulnerability, identified as CVE-2026-33350, affects versions prior to 27.0.3 and 28.0.1. The vulnerability is located in code sections related to the MRI feedback popup window within the imaging browser. An attacker exploiting this flaw could potentially gain unauthorized access to sensitive data or modify existing records stored on the server. Organizations utilizing vulnerable LORIS versions are at risk of data breaches and integrity compromises. Upgrading to version 27.0.3 or 28.0.1 is advised to mitigate this risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a LORIS instance running a vulnerable version (prior to 27.0.3 or 28.0.1).</li>
<li>The attacker crafts a malicious SQL payload designed to exploit the injection point within the MRI feedback popup window of the imaging browser.</li>
<li>The attacker injects the SQL payload through a user-supplied input field related to the MRI feedback feature.</li>
<li>The LORIS application, without proper sanitization or input validation, executes the attacker-controlled SQL query against the database.</li>
<li>Depending on the injected payload, the attacker can read sensitive data from the database, such as patient information or research data.</li>
<li>Alternatively, the attacker could modify existing data, potentially corrupting research results or manipulating patient records.</li>
<li>The attacker may attempt to escalate privileges within the database or gain access to the underlying operating system, depending on the database configuration and permissions.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this SQL injection vulnerability (CVE-2026-33350) could lead to unauthorized access to sensitive patient data and research information stored within the LORIS system. This could result in violations of privacy regulations (e.g., HIPAA), reputational damage for the affected organization, and potential legal liabilities. Data modification could compromise the integrity of research findings and impact clinical decision-making. While the number of affected installations is unknown, the self-hosted nature of LORIS means that each vulnerable instance is a potential target.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade LORIS installations to version 27.0.3 or 28.0.1 to patch CVE-2026-33350 as recommended by the vendor.</li>
<li>Implement input validation and sanitization measures within the LORIS application to prevent SQL injection attacks.</li>
<li>Deploy the Sigma rule provided below to detect potential exploitation attempts against LORIS instances.</li>
<li>Review web server logs for suspicious activity targeting the MRI feedback functionality to identify potential exploitation attempts.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>cve-2026-33350</category><category>loris</category><category>web-application</category></item></channel></rss>