CVE-2019-25678

High CVSS: 8.8

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2026-04-05 21:16:45

Güncelleme

2026-04-07 13:20:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 HIGH 2026

Referanslar

https://www.exploit-db.com/exploits/46438 https://www.vulncheck.com/advisories/c4g-blis-sql-injection-via-users-select-php