CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.2%

CVSS Severity

CVSS v3 Score 8.2

References

https://labcollector.com/
https://www.exploit-db.com/exploits/47460
https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp

Products affected by CVE-2019-25438

Agilebio » Labcollector » Version: 5.423

cpe:2.3:a:agilebio:labcollector:5.423

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25438

Products

Pricing

Contact Us