CVE-2019-25442

HIGH

Web Wiz Forums 12.01 - SQL Injection

Title source: llm

Description

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC

by n1x_ · textwebappsasp

https://www.exploit-db.com/exploits/47284

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47284

[Third Party Advisory] https://www.vulncheck.com/advisories/web-wiz-forums-sql-injection-via-pf-parameter

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 26.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Webwiz/Web Wiz Forums 12.01

webwiz/web_wiz_forums 12.01

Published Feb 22, 2026

Tracked Since Feb 22, 2026