PT-2025-6107 · Pix · Pix Software Vivaz

Stux · Published 2025-02-10 · Updated 2025-02-10 · CVE-2025-1156

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Pix Software Vivaz version 6.0.10
Description: A critical issue has been found in the code that handles /servlet?act=login, where manipulation of the usuario argument can lead to SQL injection. The issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond.
Recommendations: For Pix Software Vivaz version 6.0.10, consider disabling the /servlet?act=login endpoint or restricting access to it until a patch is available. Additionally, avoid using the usuario argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-1156

Affected Products

Pix Software Vivaz