CVE-2019-25529

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Placeto CMS version Alpha rv.4

Description An SQL injection issue exists in Placeto CMS version Alpha rv.4 that allows authenticated attackers to manipulate database queries. The issue occurs because malicious SQL code can be injected through the page parameter. Attackers can send GET requests to the ''admin/edit.php'' endpoint with crafted page values, utilizing boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.

Recommendations Apply a fix for Placeto CMS version Alpha rv.4 to address the SQL injection issue in the ''admin/edit.php'' endpoint.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-25529

Affected Products

Placeto Cms

CVE-2019-25529

Weakness Enumeration

Related Identifiers

Affected Products

References · 5