PT-2026-24999 · Sourceforge+1 · 202Cms

Published: 2026-03-12 · Updated: 2026-03-16 · CVE-2019-25539

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

202CMS version 10 beta

Description

The software contains a blind SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the log user parameter. Attackers can send POST requests to the "index.php" endpoint with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information.

Recommendations

Versions prior to 10 beta should be used. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the log user parameter in POST requests to the "index.php" endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2019-25539

Affected Products: 202Cms