Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Apr 7, 2026

LabCollector 5.423 SQL Injection via login.php

CVE-2019-25438

Description

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.

Affected products

LabCollector/LabCollectorllm-create
Range: =5.423
Labcollector/LabCollectorv5
Range: 5.423

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/47460mitreexploit
www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphpmitrethird-party-advisory
labcollector.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000