CVE-2025-26852

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.descor.com/prodotti/infocad	Product
https://www.infocadfm.com/changelog/sql-injection/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:descor:infocad:*:*:*:*:*:*:*:*

History

01 Apr 2025, 20:25

Type	Values Removed	Values Added
First Time		Descor Descor infocad
CPE		cpe:2.3:a:descor:infocad::::::::
References	~~() https://www.descor.com/prodotti/infocad -~~	() https://www.descor.com/prodotti/infocad - Product
References	~~() https://www.infocadfm.com/changelog/sql-injection/ -~~	() https://www.infocadfm.com/changelog/sql-injection/ - Vendor Advisory

28 Mar 2025, 00:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 10.0

25 Mar 2025, 13:15

Type	Values Removed	Values Added
CWE		CWE-89
Summary		(es) DESCOR INFOCAD 3.5.1 y anteriores y corregido en v.3.5.2.0 permite inyección SQL.

20 Mar 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

20 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 20:15

Updated : 2025-04-23 18:59

NVD link : CVE-2025-26852

Mitre link : CVE-2025-26852

CVE.ORG link : CVE-2025-26852

JSON object : View

Products Affected

descor

infocad

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

10.0 /10