CVE-2025-5176

Name of the Vulnerable Software and Affected Versions Realce Tecnologia Queue Ticket Kiosk versions up to 20250517

Description A critical vulnerability affects the unknown code of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to SQL injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Realce Tecnologia Queue Ticket Kiosk versions up to 20250517, as a temporary workaround, consider restricting access to the /adm/index.php file of the Admin Login Page to minimize the risk of exploitation. Avoid using the Usuário argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.