CVE-2019-25678 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: April 5, 2026
C4G Basic Laboratory Information System - SQL Injection
Published: April 5, 2026 | Updated: April 5, 2026 | Remote Exploitable
Overview
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities caused by unsanitized input in the site parameter of users_select.php. Unauthenticated attackers can execute arbitrary SQL commands and extract sensitive data; exploitation requires crafted GET requests.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary SQL commands to extract sensitive database information including patient records and system credentials.
Mitigation
Update to the latest version that patches these SQL injection vulnerabilities.
Details
- CVE ID: CVE-2019-25678
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N