CVE-2025-1157

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Feb 10, 2025

CWE ID 89

CWE ID 74

Summary

CVE-2025-1157 is a critical vulnerability affecting Allims lab.online versions up to 20250201. This issue is related to an unsecured processing of the file /model/model_recuperar_senha.php and allows attackers to inject SQL code through the manipulation of the argument "recuperacao." The exploit can be initiated remotely, and the vulnerability has been disclosed to the public. The vendor was contacted about the disclosure but did not respond, increasing the risk of widespread exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3Nyt2E
https://www.cve.org/CVERecord?id=CVE-2025-1157
https://nvd.nist.gov/vuln/detail/CVE-2025-1157

Back to Vulnerability Database

CVE-2025-1157

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations