CVE-2025-25206

CVSS v3 Score: 8.3 (High)

Vulnerability Description

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, incorrect input validation could allow an authenticated user to read sensitive information, including a login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (the default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available.

CVSS: 8.3 (High)

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabil...

CWE-89, 2019

CVSS: 8.3 (High)

Dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-89, 2022

CVSS: 8.3 (High)

Pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-89, 2022

CVSS: 8.3 (High)

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-89, 2022

CVSS: 8.3 (High)

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-89, 2022

CVSS: 8.3 (High)

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-89, 2022