CVE-2025-40985

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.
CVSS

No CVSS.

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en SCATI Vision Web de SCATI Labs, de la versión 4.8 a la 7.2. Esta vulnerabilidad permite a un atacante extraer datos de la base de datos mediante el parámetro "login" en el endpoint "/scatevision_web/index.php/loginForm".

16 Jul 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-16 10:15

Updated : 2026-06-17 09:22


NVD link : CVE-2025-40985

Mitre link : CVE-2025-40985

CVE.ORG link : CVE-2025-40985


JSON object : View

Products Affected

No product.

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')