SQL Injection Vulnerability in Econtrata Product by Vendor Unknown
CVE-2025-5172

6.9MEDIUM

Key Information:

Vendor

Unknown

Status
Econtrata
Vendor
CVE Published:
26 May 2025

What is CVE-2025-5172?

A significant SQL injection vulnerability has been identified in Econtrata up to version 20250516. An unspecified function within the file /valida allows attackers to manipulate the 'usuario' argument, enabling unauthorized access and execution of malicious SQL queries. This vulnerability can be exploited remotely, exposing sensitive data and system integrity. Despite early notifications to the vendor, there has been no acknowledgment or response regarding this serious security risk, highlighting the urgency for users to assess their security posture.

Affected Version(s)

Econtrata 20250516

References

https://vuldb.com/?id.310260
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310260
signaturepermissions-required
https://vuldb.com/?submit.579248
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

y4g0 (VulDB User)
.