Aggregates CVE and security vulnerability intelligence across all agilebio-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk file inclusion, with potential vendor impact data exposure and vendor impact file overwrite across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25438 | LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication. | [email protected] | 8.8 | 0.56% | 2026-02-20 | 2026-03-02 |
| CVE-2023-33253 | LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent. | [email protected] | 8.8 | 44.35% | 2023-06-12 | 2024-11-21 |
| CVE-2023-24217 | AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | [email protected] | 8.8 | 4.94% | 2023-03-06 | 2025-03-06 |