SQL Injection in SCATI Vision Web_CVE-2025-40985

8.3 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Description

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.

Basic Information

ID CVE-2025-40985

Source INCIBE

Published Jul 16, 2025 at 09:27

Modified Jul 16, 2025 at 14:40

Affected Product

Vendor SCATI

Product SCATI Vision Web

Version 4.8

Affected Versions SCATI SCATI Vision Web 4.8

CWE Classification

CWE-89

References

www.incibe.es /en/incibe-cert/notices/aviso/sql-injection-scati-vision-web

{
    "lastseen": "",
    "description": "SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the \u2018login\u2019 parameter in the endpoint \u2018/scatevision_web/index.php/loginForm\u2019.",
    "published": "2025-07-16T09:27:41.306Z",
    "modified": "2025-07-16T14:40:05.100Z",
    "type": "cve",
    "title": "SQL Injection in SCATI Vision Web",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-scati-vision-web",
    "id": "CVE-2025-40985",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "SCATI SCATI Vision Web 4.8",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SCATI Vision Web",
    "version": "4.8",
    "vendor": "SCATI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}