CVE-2019-25640

Name of the Vulnerable Software and Affected Versions Inout Article Base CMS (affected versions not specified)

Description Unauthenticated attackers can manipulate database queries using SQL injection. By sending GET requests to the 'portalLogin.php' endpoint, attackers can inject SQL code via XOR-based payloads through the p and u parameters. This can lead to the extraction of sensitive database information or a denial of service through time-based attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.