CVE-2019-25573

CVSS v3.1

7.1

High

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat parameter to manipulate database queries and extract sensitive information.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-25573

Affected Products

Greencms

CVE-2019-25573

Weakness Enumeration

Related Identifiers

Affected Products

References · 5