PT-2026-24780 · Varient · Varient Sql Inj.
Mehmet Emiroglu
·
Published
2026-03-11
·
Updated
2026-03-11
·
CVE-2019-25486
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Varient version 1.6.1
Description
An SQL injection issue exists that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the
user id parameter. Attackers can send POST requests with crafted SQL payloads in the user id field to bypass authentication and extract sensitive database information. The vulnerable API endpoint accepts POST requests with the user id parameter.Recommendations
Apply a fix for Varient version 1.6.1.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Varient Sql Inj.