PT-2026-22958 · Phpads · Phpads

Published: 2026-03-04 · Updated: 2026-03-04 · CVE-2019-25503

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions
PHPads version 2.0

Description
PHPads 2.0 has an SQL injection issue. Unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in the click.php3 file. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information, such as the current database name.

Recommendations
Apply updates to address the issue in PHPads version 2.0. As a temporary workaround, restrict access to the click.php3 file to minimize the risk of exploitation.
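
To support triage while the workaround is in place, here is an added example (not part of the original advisory and not PHPads code): a Python scan of web access logs that flags click.php3 requests whose bannerID is not a plain integer and notes the SQL markers the description names. It assumes combined-format access logs and that legitimate bannerID values are decimal integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Tokens named in the advisory: SQL comment syntax and extractvalue.
SQL_MARKERS = re.compile(r"extractvalue|--|#|/\*", re.IGNORECASE)


def check_line(line):
    """Return a finding dict for a suspicious click.php3 request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/click.php3"):
        return None
    # parse_qs percent-decodes values; keep blanks so "bannerID=" is seen.
    params = parse_qs(url.query, keep_blank_values=True)
    # Assumption: a legitimate bannerID is a short decimal integer.
    bad = [v for v in params.get("bannerID", [])
           if not re.fullmatch(r"\d{1,10}", v)]
    if not bad:
        return None
    return {
        "ip": m.group("ip"),
        "values": bad,
        "sql_markers": any(SQL_MARKERS.search(v) for v in bad),
    }


def scan(lines):
    """Run check_line over every log line and keep the findings."""
    return [f for f in map(check_line, lines) if f]


# Constructed sample log lines (documentation IP ranges, payload elided).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Mar/2026:10:00:01 +0000] "GET /ads/click.php3?bannerID=12 HTTP/1.1" 302 0',
    '203.0.113.9 - - [04/Mar/2026:10:00:05 +0000] "GET /ads/click.php3?bannerID=1%27%20and%20extractvalue%28...%29--%20- HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/Mar/2026:10:00:09 +0000] "GET /ads/click.php3?bannerID=abc HTTP/1.1" 200 0',
    '198.51.100.7 - - [04/Mar/2026:10:00:11 +0000] "GET /index.php?bannerID=x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query-string values are visible in access logs, so a bannerID sent in a request body would need inspection at a WAF or in application logging instead.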

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2019-25503

Affected Products

Phpads