CVE-2025-8220: Critical SQL Injection Vulnerability in Engeman Web Password Recovery
A critical vulnerability has been discovered in Engeman Web, potentially allowing attackers to gain unauthorized access to sensitive data.
🔍 TL;DR Summary
Engeman Web up to version 12.0.0.1 is vulnerable to SQL injection via the Password Recovery Page (/Login/RecoveryPass). By manipulating the 'LanguageCombobox' argument, a remote attacker can execute arbitrary SQL commands. Exploit code is publicly available, increasing the risk of exploitation. The vendor has been unresponsive to vulnerability reports.
🚨 Vulnerability Details
- CVE ID: CVE-2025-8220
- Description: An SQL injection vulnerability exists within the Password Recovery Page of Engeman Web up to version 12.0.0.1. The 'LanguageCombobox' argument is susceptible to manipulation, allowing remote attackers to inject and execute arbitrary SQL commands.
- CVSS Score and Vector:
  - CVSS 3.1 Score: 7.3 (HIGH)
  - CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  - Explanation: This means an attacker can remotely exploit this vulnerability (AV:N) with low complexity (AC:L) without needing any privileges (PR:N) or user interaction (UI:N). Successful exploitation could lead to limited impact on confidentiality (C:L), integrity (I:L), and availability (A:L).
- Exploit Requirements: No authentication is required, and the attacker only needs network access to the vulnerable application.
- Affected Vendor, Product, Version: Engeman Web up to 12.0.0.1
- CWE:
  - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  - Explanation: This CWE describes a situation where user-controlled input is not properly sanitized before being used in an SQL query, allowing an attacker to inject malicious SQL code.
📅 Timeline of Events
- 2025-07-XX: Vulnerability Discovered and Reported
- 2025-07-XX: Public Disclosure of Exploit
- 2025-07-XX: Vendor Contacted, No Response Received
🧠 Exploitability & Real-World Risk
The public availability of exploit code significantly increases the risk of this vulnerability being exploited in the wild. Attackers can leverage this SQL injection flaw to potentially steal sensitive data, modify application behavior, or even gain complete control of the affected system. Given that password recovery pages are often targeted by attackers, this vulnerability poses a significant threat.
🛠️ Recommendations
- Apply Patch: If a patch is available from Engeman, apply it immediately.
- Workaround: If no patch is available, consider disabling or restricting access to the Password Recovery Page as a temporary measure.
- Web Application Firewall (WAF): Implement a WAF to filter out malicious SQL injection attempts.
- Input Validation: Ensure all user inputs, especially in login and password-related functionalities, are properly validated and sanitized.
🧪 Technical Insight
The vulnerability lies in the improper handling of the 'LanguageCombobox' parameter within the Password Recovery Page. The application fails to adequately sanitize this input before using it in an SQL query. This allows an attacker to inject malicious SQL code that will be executed by the database, potentially compromising the entire system.
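The following is an added illustration of the CWE-89 pattern described above and of the input-validation recommendation; it is not Engeman's code (the product's language and schema are not public here), so the table, column and language codes are constructed, and Python's sqlite3 stands in for the real database. It places the concatenation-based lookup beside a hardened version that allowlists the language code and binds it as a parameter.

```python
import sqlite3

# Constructed allowlist of language codes the recovery page is expected to offer.
ALLOWED_LANGUAGES = {"pt-BR", "en-US", "es-ES"}


def build_db():
    """Constructed in-memory table standing in for the application's message store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE recovery_messages (lang TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO recovery_messages VALUES (?, ?)",
        [
            ("pt-BR", "Recuperação de senha"),
            ("en-US", "Password recovery"),
            ("es-ES", "Recuperación de contraseña"),
        ],
    )
    return conn


def lookup_vulnerable(conn, language):
    """CWE-89: the request parameter is spliced straight into the SQL text,
    so a value containing a quote changes the query's structure."""
    sql = f"SELECT subject FROM recovery_messages WHERE lang = '{language}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, language):
    """Two independent controls: reject anything outside the allowlist,
    and bind the value as a parameter so it can never be parsed as SQL."""
    if language not in ALLOWED_LANGUAGES:
        raise ValueError("unsupported language code")
    sql = "SELECT subject FROM recovery_messages WHERE lang = ?"
    return [row[0] for row in conn.execute(sql, (language,))]
```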
🙌 Credit to Researcher(s)
Vulnerability reported by VulDB.
🧵 Tags
#SQLInjection #EngemanWeb #CVE-2025-8220 #PasswordRecovery #RemoteCodeExecution #Vulnerability #Cybersecurity
Summary: Engeman Web up to version 12.0.0.1 is vulnerable to SQL injection via the Password Recovery Page. A remote attacker can execute arbitrary SQL commands by manipulating the 'LanguageCombobox' argument. Exploit code is publicly available, and the vendor has not responded to vulnerability reports.
CVE ID: CVE-2025-8220
Risk Analysis: Successful exploitation can lead to data theft, modification of application behavior, or complete system compromise. The risk is high due to the ease of exploitation and the sensitive nature of the affected functionality (password recovery).
Recommendation: Apply the latest patch from Engeman. If no patch is available, consider disabling or restricting access to the Password Recovery Page as a temporary measure. Implement a Web Application Firewall (WAF) to filter out malicious SQL injection attempts.