Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
GHSA-4r6w-pg4g-qvvh: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges↗2025-08-12
▶
CVEList
Microsoft SQL Server Elevation of Privilege Vulnerability↗2025-08-12
▶
📋Vendor Advisories
1
Microsoft
Microsoft SQL Server Elevation of Privilege Vulnerability↗2025-08-12
▶
CVE-2025-49758 (HIGH CVSS 8.8) | Improper neutralization of special | cvebase.io