CVE-2019-25575

Name of the Vulnerable Software and Affected Versions SimplePress CMS version 1.0.7

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information, including usernames, database names, and version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.