CVE-2019-25638

HIGH

Meeplace Business Review Script Lastest SQL Injection via addclick.php

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25638. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary The exploit demonstrates a time-based SQL injection vulnerability in Meeplace Business Review Script via the 'id' parameter in the 'addclick.php' endpoint. The payload uses RLIKE with a SLEEP function to confirm the vulnerability.

Description

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · textwebappsphp
https://www.exploit-db.com/exploits/46592

The exploit demonstrates a time-based SQL injection vulnerability in Meeplace Business Review Script via the 'id' parameter in the 'addclick.php' endpoint. The payload uses RLIKE with a SLEEP function to confirm the vulnerability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Meeplace Business Review Script (Latest)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46592
https://www.exploit-db.com/exploits/46592
Product product
Official Product Homepage
http://www.meeplace.com
Third Party Advisory third-party-advisory
VulnCheck Advisory: Meeplace Business Review Script Lastest SQL Injection via addclick.php
https://www.vulncheck.com/advisories/meeplace-business-review-script-lastest-sql-injection-via-addclick-php

Scores

CVSS v3 7.1
EPSS 0.0029
EPSS Percentile 20.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Meeplace/Meeplace Business Review Script
Published Mar 24, 2026
Tracked Since Mar 24, 2026