What is CVE-2019-25678?

CVE-2019-25678 is a high-severity vulnerability in C4g Basic Laboratory Information System, classified under Missing Authentication for Critical Function. CVSS score: 8.2/10. Published 2026-04-05.

How severe is CVE-2019-25678?

High severity. CVSS v3 base score is 8.2 out of 10.

Auth bypass in C4g Basic Laboratory Information System

CVE-2019-25678

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send G…

Vulnerability class: Broken Authentication

EPSS: 0.001 (26.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

C4g Basic Laboratory Information System — versions 3.4

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

ExploitDB-46438 (exploit)
VulnCheck Advisory: C4G BLIS 3.4 SQL Injection via users_select.php (third-party-advisory)

Frequently asked questions

What is CVE-2019-25678?: CVE-2019-25678 is a high-severity vulnerability in C4g Basic Laboratory Information System, classified under Missing Authentication for Critical Function. CVSS score: 8.2/10. Published 2026-04-05.
How severe is CVE-2019-25678?: High severity. CVSS v3 base score is 8.2 out of 10.