{"id":9049,"date":"2025-07-26T22:44:17","date_gmt":"2025-07-26T22:44:17","guid":{"rendered":"http:\/\/localhost\/?p=9049"},"modified":"2025-07-26T22:44:17","modified_gmt":"2025-07-26T22:44:17","slug":"engeman-web-password-recovery-page-recoverypass-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9049","title":{"rendered":"Engeman Web Password Recovery Page RecoveryPass sql injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nEngeman Web Password Recovery Page RecoveryPass sql injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-27T03:02:05.624Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-27T03:02:05.624Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nEngeman<\/td>\n<\/tr>\n
Product<\/th>\nWeb<\/td>\n<\/tr>\n
Version<\/th>\n12.0.0.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical SQL injection vulnerability exists in the Password Recovery Page of Engeman Web versions up to 12.0.0.1. This allows remote attackers to inject SQL code via the LanguageCombobox argument. The exploit is publicly disclosed, and the vendor has not responded.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nEngeman<\/td>\n<\/tr>\n
AI Product<\/th>\nEngeman Web<\/td>\n<\/tr>\n
AI Version<\/th>\n12.0.0.0, 12.0.0.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n