PT-2026-24780 · Varient · Varient Sql Inj.
Mehmet Emiroglu
·
Publicado
2026-03-11
·
Atualizado
2026-03-11
·
CVE-2019-25486
CVSS v3.1
8.2
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Varient version 1.6.1
Description
An SQL injection issue exists that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the
user id parameter. Attackers can send POST requests with crafted SQL payloads in the user id field to bypass authentication and extract sensitive database information. The vulnerable API endpoint accepts POST requests with the user id parameter.Recommendations
Apply a fix for Varient version 1.6.1.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Varient Sql Inj.