CVE-2019-25751

Name of the Vulnerable Software and Affected Versions J-ClassifiedsManager version 3.0.5

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. By submitting crafted payloads to the 'displayads' component via the categorySearch, adType, and citySearch parameters, attackers can extract sensitive database information, such as usernames, databases, and version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.