Primary

Context

ControlID iDSecure On-Premises SQL Injection Vulnerability

Vulnerability

Patched

A SQL injection vulnerability has been identified in ControlID iDSecure On-premises versions 4.7.48.0 and prior. This vulnerability allows attackers to leak arbitrary information and insert custom SQL syntax into SQL queries.

Impact

Exploitation of this vulnerability could lead to unauthorized data access and manipulation of the application's database.

Remediation

ControlID has released version 4.7.50.0 to address this vulnerability. Users are advised to update to this version.

Added: Jun 24, 2025, 8:44 PM

Updated: Jun 24, 2025, 8:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.7

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.7

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ControlID iDSecure On-Premises SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ControlID iDSecure On-premises

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating