CVE-2025-8220

Name of the Vulnerable Software and Affected Versions Engeman Web versions through 12.0.0.1

Description A critical vulnerability exists in Engeman Web. The issue affects an unknown function within the /Login/RecoveryPass file of the Password Recovery Page component. Manipulation of the LanguageCombobox argument, as part of a Cookie, leads to a SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Engeman Web versions prior to 12.0.0.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.