CVE-2025-1157

Name of the Vulnerable Software and Affected Versions: Allims lab.online versions up to 20250201

Description: A critical issue was found in the processing of the file /model/model recuperar senha.php, where the manipulation of the recuperacao argument leads to SQL injection. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations: For versions up to 20250201, as a temporary workaround, consider restricting access to the /model/model recuperar senha.php file until a patch is available. Avoid using the recuperacao argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.