esiclivre SQL Injection Vulnerability in Password Reset Function
Vulnerability
A SQL injection vulnerability has been identified in the password reset function of esiclivre versions through v0.2.2. This vulnerability allows unauthenticated remote attackers to inject SQL via the 'cpfcnpj' parameter in the '/reset/index.php' endpoint, potentially leading to unauthorized access to sensitive information from the database.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive database information.
Remediation
No upstream fix is currently available. It is recommended to use parameterized queries for database access, validate and sanitize user input, and consider temporarily restricting access to the password reset endpoint until a patch is applied.
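The parameterized-query and input-validation advice above, sketched as an added example; this is not esiclivre's own code. The function names, the `requesters` table, its columns, digits-only storage of the value, and the in-memory SQLite database used for the demo are all assumptions made for illustration.

```php
<?php
// Added example, not esiclivre code. Function, table and column names are hypothetical.

/** Accept only a CPF (11 digits) or CNPJ (14 digits), with optional usual punctuation. */
function normalize_cpfcnpj(string $raw): ?string
{
    // Allow-list: digits plus the '.', '/' and '-' used when writing CPF/CNPJ.
    if (!preg_match('/\A[0-9.\/-]{11,18}\z/', $raw)) {
        return null;
    }
    $digits = preg_replace('/\D/', '', $raw);
    $len = strlen($digits);
    return ($len === 11 || $len === 14) ? $digits : null;
}

/** Look up the account for a reset request without building SQL from user input. */
function find_reset_account(PDO $pdo, string $rawCpfCnpj): ?array
{
    $cpfcnpj = normalize_cpfcnpj($rawCpfCnpj);
    if ($cpfcnpj === null) {
        return null; // rejected before any query is issued
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, email FROM requesters WHERE cpfcnpj = :cpfcnpj LIMIT 1'
    );
    $stmt->execute([':cpfcnpj' => $cpfcnpj]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo against a constructed in-memory database (assumed schema, constructed row).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE requesters (id INTEGER PRIMARY KEY, cpfcnpj TEXT, email TEXT)');
$pdo->exec("INSERT INTO requesters (cpfcnpj, email) VALUES ('12345678909', 'user@example.test')");

// Formatted but valid input is normalized and matched.
var_dump(find_reset_account($pdo, '123.456.789-09') !== null);
// Constructed malformed input with a stray quote fails validation; no query runs.
var_dump(find_reset_account($pdo, "12345678909'") === null);
```

Validation narrows what reaches the database, but the bound parameter is what removes the injection: the query stays safe even if the allow-list is later relaxed.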
