C4G BLIS 3.4 SQL Injection via users_select.php

Description

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.

Affected Products

Vendor	Product	Versions
c4g	basic laboratory information system	3.4

References

https://www.exploit-db.com/exploits/46438(exploit)
https://www.vulncheck.com/advisories/c4g-blis-sql-injection-via-users-select-php(third-party-advisory)

Related News (1 articles)

Tier C

VulDB15h ago

CVE-2019-25678 | C4G Basic Laboratory Information System 3.4 users_select.php site missing authentication (Exploit 46438 / EDB-46438)

→ No new info (linked only)

CVSS 3.18.2 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-306

PublishedApr 5, 2026

Last enriched15h agov2

Trending Score53

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Version History

Last enriched 15h ago

v2Tier C15h ago

Updated severity to CRITICAL and marked exploit as available and actively exploited.

severityexploitAvailableactivelyExploited

via VulDB

v123h ago

Initial creation