Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Engeman Web SQL Injection Vulnerability in Password Recovery Page
Vulnerability
A critical SQL injection vulnerability has been identified in Engeman Web versions through 12.0.0.1. The issue is in the Password Recovery Page, specifically in the file '/Login/RecoveryPass'. It is triggered by manipulating the 'LanguageCombobox' argument and can be exploited remotely. An attacker could use this SQL injection to compromise the application's database, potentially altering critical data and causing component-level denial of service.
Impact
Exploitation of this vulnerability allows unauthorized manipulation of the SQL queries the application runs. This could be used to access, modify, or delete database information, and to disrupt the normal functioning of the application component.
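Added detection example (not part of the advisory and not Engeman code): this Python script scans web logs for requests to '/Login/RecoveryPass' whose 'LanguageCombobox' value falls outside an allowlist, including double-encoded and repeated parameters. The log layout, the presence of the form body in the log, the shape of legitimate values, and the case-insensitive matching are all assumptions to adjust for your environment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

TARGET_PATH = "/login/recoverypass"   # path from the advisory, compared case-insensitively
TARGET_PARAM = "languagecombobox"     # parameter from the advisory
# Assumption: legitimate values are short language identifiers such as "pt-BR" or "2".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,16}")
# Assumed log layout: <client> "<METHOD> <uri> HTTP/x" <status> "<logged form body>"
LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')

def suspicious_values(uri, body):
    parts = urlsplit(uri)
    if parts.path.rstrip("/").lower() != TARGET_PATH:
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    bad = []
    for name, value in pairs:          # every occurrence, so repeated parameters are checked
        if name.lower() != TARGET_PARAM:
            continue
        value = unquote_plus(value)    # second decode catches double-encoded input
        if not SAFE_VALUE.fullmatch(value):
            bad.append(value)
    return bad

def scan(lines):
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        client, method, uri, status, body = m.groups()
        for value in suspicious_values(uri, body):
            findings.append({"client": client, "status": int(status), "value": value})
    return findings

SAMPLE_LOG = [  # constructed log lines, documentation address ranges only
    '198.51.100.7 "GET /Login/RecoveryPass HTTP/1.1" 200 ""',
    '198.51.100.7 "POST /Login/RecoveryPass HTTP/1.1" 200 "Email=a%40example.test&LanguageCombobox=pt-BR"',
    '203.0.113.9 "POST /login/recoverypass HTTP/1.1" 500 "Email=x&languagecombobox=en-US%27--"',
    '203.0.113.9 "POST /Login/RecoveryPass HTTP/1.1" 200 "LanguageCombobox=en-US&LanguageCombobox=1%2527"',
    '192.0.2.4 "POST /Login/Index HTTP/1.1" 200 "LanguageCombobox=%27"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Flagged clients and any accompanying 5xx responses are a starting point for triage; the allowlist should be tightened to the exact values the page's language selector actually submits.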
