CVE-2019-25697

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to category.php with malicious cat id values to extract sensitive database information including usernames and credentials.