- Description
- A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
CVE-2025-5172 (CVSS:6.9, HIGH) is Undergoing Analysis. A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown functio..https://t.co/OX5yDh7eIk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
31 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5172 (CVSS:6.9, HIGH) is Undergoing Analysis. A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown functio..https://t.co/OX5yDh7eIk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5172
@transilienceai
26 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-5172 SQL Injection in Econtrata Web Application via Usuario Argument Vulnerability https://t.co/jPeaiqUlnW
@VulmonFeeds
26 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5172 A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the a… https://t.co/HgAxA5tYXQ
@CVEnew
26 May 2025
547 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:econtrata:econtrata:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61FC49CA-5C3E-45DB-8A10-4E61CA1075C3",
"versionEndIncluding": "2025-05-16"
}
],
"operator": "OR"
}
]
}
]