CVE-2019-25431

HIGH

Blue-Smiley-Organizer 1.32 - SQL Injection

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25431. PoCs published by cakes.

AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in Blue-Smiley-Organizer 1.32 via the 'datetime' POST parameter, including boolean-based blind and time-based blind techniques. It also includes a payload to write a PHP command shell to a file.

Description

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.

Exploits (1)

exploitdb WORKING POC
by cakes · text · webapps · php
https://www.exploit-db.com/exploits/47550

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Blue-Smiley-Organizer 1.32
No auth needed
Prerequisites: Access to the application's POST endpoint for the 'datetime' parameter
devstral-2 · analyzed Feb 21, 2026

Scores

CVSS v3 8.2
EPSS 0.0026
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
delpino73/Blue-Smiley-Organizer 1.32
Published Feb 20, 2026
Tracked Since Feb 21, 2026