CVE-2019-25443

HIGH

Inventory Webapp - SQL Injection

Title source: llm

Description

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat_id parameters to add-item.php to execute arbitrary database commands.

Exploits (1)

exploitdb WORKING POC
by mohammad zaheri · text · webapps · php
https://www.exploit-db.com/exploits/47356

Scores

CVSS v3 8.2
EPSS 0.0013
EPSS Percentile 31.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
edlangley/inventory-webapp
Published Feb 22, 2026
Tracked Since Feb 22, 2026