CNNVD-202507-3404 Information

Jul 27, 2025 cve

CNNVD ID

CNNVD-202507-3404

CVE-2025-8220

CNNVD Published: 2025-07-27

Description (Chinese)

Engeman Web是巴西Engeman公司的一个维护管理软件。 Engeman Web 12.0.0.1及之前版本存在SQL注入漏洞，该漏洞源于文件/Login/RecoveryPass中参数LanguageCombobox导致SQL注入。

Description (English)

Engeman Web is a maintenance management software for Engeman, Brazil. Engeman Web 12.0.0.1 and previous versions had an injection loophole in SQL, which originated from the LanguageCombobox, the parameter in the document/Login/RecoveryPass, which caused the SQL injection.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

Engeman

Published

2025-07-27

Last Modified

2026-02-24

References

https://docs.google.com/document/d/1fbe1o3ncvmYbw-w1MKMUJg7z-qu1Wyo81y9isFlNyi0/edit?usp=sharing https://vuldb.com/?ctiid.317808 https://github.com/m3m0o/engeman-web-language-combobox-sqli https://vuldb.com/?submit.616747 https://vuldb.com/?id.317808 https://docs.google.com/document/d/1fbe1o3ncvmYbw-w1MKMUJg7z-qu1Wyo81y9isFlNyi0/edit?tab=t.0 https://access.redhat.com/security/cve/cve-2025-8220

Share on: