CVE-2025-1157 | Allims lab.online up to 20250201 model_recuperar_senha.php recuperacao sql injection

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/model_recuperar_senha.php. The manipulation of the argument recuperacao leads to sql injection.

The identification of this vulnerability is CVE-2025-1157. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1157 | Allims lab.online up to 20250201 model_recuperar_senha.php recuperacao sql injection

Post correlati

CVE-2023-46712 | Fortinet FortiPortal up to 7.0.6/7.2.1 HTTP Request access control (FG-IR-23-395)

CVE-2024-25706 | Esri Portal for ArcGIS up to 11.0 cross site scripting

CVE-2024-56923 | Silverpeas Core 6.4.1 My Subscriptions Name cross site scripting

CVE-2025-23604 | Rezdy Reloaded Plugin up to 1.0.1 on WordPress cross site scripting