CVE-2019-12372

HIGH

Petraware pTransformer ADC <2.1.7.22827 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12372. PoCs published by Faudhzan Rahman.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Petraware pTransformer ADC before 2.1.7.22827. The exploit demonstrates how to bypass the login form by injecting a malicious SQL payload into the User ID parameter.

Description

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

Exploits (1)

exploitdb WRITEUP

by Faudhzan Rahman · textremotewindows

https://www.exploit-db.com/exploits/46934

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in Petraware pTransformer ADC before 2.1.7.22827. The exploit demonstrates how to bypass the login form by injecting a malicious SQL payload into the User ID parameter.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Petraware pTransformer ADC before 2.1.7.22827

No auth needed

Prerequisites: access to the login form of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://faudhzanrahman.blogspot.com/2019/05/sql-injection-on-login-form.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/153084/Petraware-pTransformer-ADC-SQL-Injection.html

Scores

CVSS v3 7.8

EPSS 0.0094

EPSS Percentile 56.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

petraware/ptransformer_adc < 2.1.7.22827

Published May 28, 2019

Tracked Since Feb 18, 2026