CVE-2019-25348

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL injection vulnerability in the 'id' parameter that allows authenticated attackers to manipulate database queries. Attackers can exploit the vulnerability by crafting boolean-based SQL injection payloads in the 'id' parameter of the servers endpoint to extract or infer database information.

Vulnerability Details

Published Date

February 12, 2026

Last Modified

February 13, 2026

CWE ID

CWE-89

Source

NVD

Vendor

Computrols

Product

CBAS-Web

External References

https://www.computrols.com/building-automation-software/
https://www.computrols.com/capabilities-cbas-web/
https://www.exploit-db.com/exploits/47631
https://www.vulncheck.com/advisories/cbas-web-id-boolean-based-blind-sql-injection

CVE-2019-25348

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment