Arcasolutions

arcasolutions

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Edirectory

edirectory

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25675 1Arcasolutions 1Edirectory Apr 20, 2026 Apr 5, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exp...Show more eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-25675

1Arcasolutions

1Edirectory

Apr 20, 2026

Apr 5, 2026

8.8 HIGH· v4

7.5 HIGH· v3

N/A· v2

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server.Show less