8.8

Varient 1.6.1: Unauthenticated Attackers Can Access Sensitive Data

CVE-2019-25486
Summary

Varient version 1.6.1 has a security weakness that lets attackers access sensitive information without needing a password. Varient does not properly check user input in the user_id parameter, which allows attackers to inject SQL code into database queries. To protect your data, update Varient to a newer, fixed version as soon as possible.

Original title
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit ...
Original description
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026