DIAL · CentrosNet · CVE-2025-10870
**Name of the Vulnerable Software and Affected Versions**
DIAL CentrosNet versions prior to 2.65
**Description**
A SQL injection issue exists in DIAL's CentrosNet. An attacker can retrieve, create, update, and delete databases by sending POST and GET requests. The vulnerability is present in the `/centrosnet/ultralogin.php` file, specifically through the `ultralogin` parameter. This allows for unauthenticated database control.
**Recommendations**
Update DIAL CentrosNet to version 2.65 or later.
As a temporary workaround, restrict access to the `/centrosnet/ultralogin.php` file.
Avoid using the `ultralogin` parameter in POST and GET requests until the issue is resolved.
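
One way to check that the temporary access restriction is actually in effect, shown as an added example that is not part of the advisory or the vendor's code: the script scans web-server access logs for requests that reached `/centrosnet/ultralogin.php`. The combined log format, the allowlisted network, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/centrosnet/ultralogin.php"  # file named in the advisory
PARAM = "ultralogin"                         # parameter named in the advisory
# Assumption: the only network allowed to reach the file under the workaround.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Combined log format: ip ident user [time] "METHOD uri proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Oct/2025:09:12:01 +0000] "POST /centrosnet/ultralogin.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Oct/2025:09:13:44 +0000] "GET /centrosnet/ultralogin.php?ultralogin=test HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.9 - - [01/Oct/2025:09:14:02 +0000] "POST /centrosnet/ultralogin.php HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.9 - - [01/Oct/2025:09:14:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

def is_allowed(ip, nets):
    """True if the client address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or malformed field: treat as not allowed
        return False
    return any(addr in net for net in nets)

def audit(lines, allowed=ALLOWED_NETS):
    """Return one finding per logged request that touched the vulnerable file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, uri, status = m.groups()
        parts = urlsplit(uri)
        # Lower-case and prefix-match so case variants and trailing path info count.
        if not parts.path.lower().startswith(TARGET_PATH):
            continue
        outside = not is_allowed(ip, allowed)
        findings.append({
            "ip": ip, "method": method, "status": int(status),
            # POST bodies are not logged, so only GET use of the parameter is visible.
            "param_in_query": PARAM in parse_qs(parts.query, keep_blank_values=True),
            "outside_allowlist": outside,
            # Anything other than 403/404 to an outside client means the block failed.
            "restriction_ineffective": outside and int(status) not in (403, 404),
        })
    return findings
```

Any finding with `restriction_ineffective` set means a client outside the allowlist received a normal response from the file, so the workaround should be rechecked and the database reviewed for unexpected changes.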