Connect with us

Hi, what are you looking for?


Data Protection

SQL Injection Flaws Found in European Union Websites

Researchers have discovered several SQL injection vulnerabilities in the websites of the European Parliament and the European Commission — both hosted on the official domain of the European Union (

Researchers have discovered several SQL injection vulnerabilities in the websites of the European Parliament and the European Commission — both hosted on the official domain of the European Union (

The flaws were identified by experts from Government Laboratory, a project of Germany-based security firm Vulnerability Lab that focuses on finding zero-day vulnerabilities in government web applications and network services.

The security holes, discovered by Vulnerability Lab CEO Benjamin Kunz Mejri and researcher Marco Onorati, were reported to CERT-EU in May and they were plugged within 1-2 weeks.

“We reported the bugs by the responsible disclosure program and got acknowledged for the critical vulnerabilities in a fair way by the CERT-EU team,” Kunz Mejri, who was listed in CERT-EU’s Hall of Fame, told SecurityWeek.

The SQL injection flaws were found in various sections of the European Commission’s website, including the ones dedicated to the INSPIRE directive (, growth (, and employment, social affairs and inclusion ( In the case of the European Parliament, a vulnerability existed on the webpage.

According to the researchers, the flaws could have been exploited by remote, unauthenticated attackers to gain access to European Commission and European Parliament databases containing potentially sensitive user data.

However, Kunz Mejri believes it would not have been easy for an attacker to exploit the security holes, especially without being detected by cybersecurity systems. CERT-EU has not responded to SecurityWeek’s request for comment.

Advertisement. Scroll to continue reading.

The Government Laboratory research team says it has found vulnerabilities in the websites of several government organizations, including the U.S. Department of Defense and various European agencies. The details will be disclosed after the flaws are patched.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...