CVE-2025-8220 | Engeman Web up to 12.0.0.1 Password Recovery Page /Login/RecoveryPass LanguageCombobox sql injection

Inserito da Angelo Barbosa | Lug 26, 2025 | CVE

A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. Affected is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox leads to sql injection.

This vulnerability is traded as CVE-2025-8220. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8220 | Engeman Web up to 12.0.0.1 Password Recovery Page /Login/RecoveryPass LanguageCombobox sql injection

Post correlati

CVE-2024-10952 | Authors List Plugin up to 2.0.4 on WordPress Shortcode update_authors_list_ajax code injection

CVE-2024-41890 | Apache Answer up to 1.3.5 Password Reset release of resource

CVE-2023-51016 | Totolink EX1800T 9.1.0cu.2112_B20220316 cstecgi.cgi setRebootScheCfg Privilege Escalation

CVE-2024-6233 | Check Point ZoneAlarm Extreme Security prior 4.2.712 link following (ZDI-24-1036)