CVE-2019-25439

Name of the Vulnerable Software and Affected Versions NoviSmart CMS (affected versions not specified)

Description NoviSmart CMS has a flaw that allows remote attackers to execute arbitrary SQL queries. This is possible by injecting malicious code through the Referer HTTP header field. Attackers can use time-based SQL injection payloads within the Referer header to extract sensitive database information or cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.