HIGH🇵🇱 Wersja polska

CVE-2025-25206

CVSS 8.3v3.1pub. 2025-02-14upd. 2025-08-18

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
  • Elabftw

    APP
    Elabftw
    < 5.1.15
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPESQLi
CWE
References

Related vulnerabilities

CVE-2021-43834CRITICAL9.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...

CVE-2024-45408HIGH7.5ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been fo...

CVE-2024-25632HIGH8.6ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrat...

CVE-2024-28100HIGH8.9ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a r...

CVE-2021-43833HIGH8.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...