CVE-2025-40985 Information

Description

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-scati-vision-web

Related CNNVD

CNNVD-202507-2116 (Published: 2025-07-16)