CVE-2019-25529

Name of the Vulnerable Software and Affected Versions Placeto CMS version Alpha rv.4

Description An SQL injection issue exists in Placeto CMS version Alpha rv.4 that allows authenticated attackers to manipulate database queries. The issue occurs because malicious SQL code can be injected through the page parameter. Attackers can send GET requests to the ''admin/edit.php'' endpoint with crafted page values, utilizing boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.

Recommendations Apply a fix for Placeto CMS version Alpha rv.4 to address the SQL injection issue in the ''admin/edit.php'' endpoint.