CVE Details

Basic Information

| Title | Engeman Web Password Recovery Page RecoveryPass sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-27T03:02:05.624Z |
| Modified | 2025-07-27T03:02:05.624Z |

Product Information

| Vendor | Engeman |
|---|---|
| Product | Web |
| Version | 12.0.0.0 |

CVSS Information

| Base Score | 6.9 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |

AI Analysis

| AI Description | A critical SQL injection vulnerability exists in the Password Recovery Page of Engeman Web versions up to 12.0.0.1. This allows remote attackers to inject SQL code via the LanguageCombobox argument. The exploit is publicly disclosed, and the vendor has not responded. |
|---|---|
| AI Severity | High |
| AI Vendor | Engeman |
| AI Product | Engeman Web |
| AI Version | 12.0.0.0, 12.0.0.1 |

Affected Products

- Engeman Web 12.0.0.0
- Engeman Web 12.0.0.1

Additional Information

| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |

Description

A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. It affects an unknown function of the file /Login/RecoveryPass in the Password Recovery Page component. Manipulating the LanguageCombobox argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.