CVE-2019-25578

CVSS v3.1

8.2

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensitive database information or manipulate queries.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-25578

Affected Products

Phptransformer

CVE-2019-25578

Weakness Enumeration

Related Identifiers

Affected Products

References · 5