CVE 8.7 HIGH

ViewLead Technology｜Bacteriology Laboratory Reporting System – SQL Injection_CVE-2025-13046

November 12, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

AI Analysis

SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands

Basic Information

ID CVE-2025-13046

Source twcert

Published Nov 12, 2025 at 07:57

Affected Product

Vendor ViewLead Technology

Product Bacteriology Laboratory Reporting System

Affected Versions ViewLead Technology Bacteriology Laboratory Reporting System 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor ViewLead Technology

Product Bacteriology Laboratory Reporting System

References

{
    "lastseen": "",
    "description": "Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.",
    "published": "2025-11-12T07:57:30.785Z",
    "modified": "2025-11-12T07:57:30.785Z",
    "type": "cve",
    "title": "ViewLead Technology\uff5cBacteriology Laboratory Reporting System - SQL Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10498-61fa4-1.html\nhttps://www.twcert.org.tw/en/cp-139-10499-15678-2.html",
    "id": "CVE-2025-13046",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "ViewLead Technology Bacteriology Laboratory Reporting System 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Bacteriology Laboratory Reporting System",
    "version": "0",
    "vendor": "ViewLead Technology",
    "ai_description": "SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands",
    "ai_severity": "High",
    "ai_vendor": "ViewLead Technology",
    "ai_product": "Bacteriology Laboratory Reporting System",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply