CVE-2019-25438

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://labcollector.com/ Product
https://www.exploit-db.com/exploits/47460 Exploit VDB Entry
https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:agilebio:labcollector:5.423:*:*:*:*:*:*:*
History

02 Mar 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.2 		v2 : unknown
v3 : 7.5

26 Feb 2026, 02:32

Type Values Removed Values Added
References () https://labcollector.com/ - () https://labcollector.com/ - Product
References () https://www.exploit-db.com/exploits/47460 - () https://www.exploit-db.com/exploits/47460 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp - () https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp - Third Party Advisory
CPE cpe:2.3:a:agilebio:labcollector:5.423:*:*:*:*:*:*:*
First Time Agilebio labcollector
Agilebio
Summary
  • (es) LabCollector 5.423 contiene múltiples vulnerabilidades de inyección SQL que permiten a atacantes no autenticados ejecutar comandos SQL arbitrarios inyectando código malicioso a través de parámetros POST. Los atacantes pueden enviar cargas útiles SQL manipuladas en el parámetro login de login.php o el parámetro user_name de retrieve_password.php para extraer información sensible de la base de datos sin autenticación.

20 Feb 2026, 23:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-20 23:16

Updated : 2026-03-02 15:16

NVD link : CVE-2019-25438

Mitre link : CVE-2019-25438

CVE.ORG link : CVE-2019-25438

JSON object : View

Products Affected

agilebio

  • labcollector
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')