SQL Injection Vulnerability in Pix Software Vivaz 6.0.10
CVE-2025-1156

6.9MEDIUM

Key Information:

Vendor

Pix Software

Status
Vivaz
Vendor
CVE Published:
10 February 2025

What is CVE-2025-1156?

A SQL injection vulnerability has been identified in Pix Software's Vivaz 6.0.10, primarily affecting the login servlet. By manipulating the 'usuario' argument, remote attackers can execute unauthorized SQL commands, potentially compromising the integrity and confidentiality of the database. Despite early notifications to the vendor, no response was received regarding this critical issue, allowing potential exploits to surface publicly. Users of the affected version are strongly advised to take immediate action to mitigate risks.

Affected Version(s)

Vivaz 6.0.10

References

https://vuldb.com/?id.295060
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295060
signaturepermissions-required
https://vuldb.com/?submit.493482
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Stux (VulDB User)
.