CVE-2019-25431

HIGH

Blue-Smiley-Organizer 1.32 - SQL Injection

Title source: llm

Description

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.

Exploits (1)

exploitdb WORKING POC

by cakes · textwebappsphp

https://www.exploit-db.com/exploits/47550

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47550

[Various Sources] https://github.com/delpino73/Blue-Smiley-Organizer

View Writeup ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/delpino-blue-smiley-organizer-sql-injection-via-datetime

Scores

CVSS v3 8.2

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

delpino73/Blue-Smiley-Organizer 1.32

Published Feb 20, 2026

Tracked Since Feb 21, 2026