8.8
LabCollector 5.423: Unauthenticated SQL Code Injection Exposes Database Data
CVE-2019-25438
Summary
LabCollector 5.423 has a security weakness that allows attackers to access sensitive information without logging in. This is a serious issue because it lets attackers extract confidential data. To protect your data, update to the latest version of LabCollector.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| agilebio | labcollector | 5.423 | – |
Original title
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attack...
Original description
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
NVD CVSS 3.1
7.5
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89 (SQL Injection)
- https://labcollector.com/ (Product)
- https://www.exploit-db.com/exploits/47460 (Exploit, VDB Entry)
- https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp (Third Party Advisory)
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026