CVE-2025-8744 | CesiumLab Web up to 4.0 /lodmodels/ ID sql injection

Inserito da Angelo Barbosa | Ago 8, 2025 | CVE

A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection.

This vulnerability was named CVE-2025-8744. The attack can be initiated remotely. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8744 | CesiumLab Web up to 4.0 /lodmodels/ ID sql injection

Post correlati

CVE-2023-52324 | Trend Micro Apex Central unrestricted upload

CVE-2023-51371 | Bit Assist Chat Widget Plugin up to 1.1.9 on WordPress cross site scripting

CVE-2024-13439 | techlabpro1 Team Plugin up to 4.4.9 on WordPress Setting response authorization

CVE-2025-52922 | Innoshop up to 0.4.1 FileManager API Endpoint /api/file_manager/files base_folder path traversal