CVE-2019-25529

HIGH

Placeto CMS Alpha rv.4 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25529. PoCs published by Abdullah Çelebi.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Placeto CMS Alpha v4 via the 'page' parameter. It includes payloads for boolean-based blind, time-based blind, and union-based SQLi attacks.

Description

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by Abdullah Çelebi · textwebappsphp
https://www.exploit-db.com/exploits/46588

The exploit demonstrates SQL injection vulnerabilities in Placeto CMS Alpha v4 via the 'page' parameter. It includes payloads for boolean-based blind, time-based blind, and union-based SQLi attacks.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Placeto CMS Alpha rv.4
Auth required
Prerequisites: authorized user login · access to the 'edit.php' page
devstral-2 · analyzed Mar 12, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.1
EPSS 0.0028
EPSS Percentile 20.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Mar 12, 2026
Tracked Since Mar 12, 2026