CVE-2019-25640

HIGH

Inout Article Base CMS Lastest SQL Injection via portalLogin.php

Title source: cna

Description

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappsphp

https://www.exploit-db.com/exploits/46593

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46593

https://www.exploit-db.com/exploits/46593

Product product

Official Product Homepage

https://www.inoutscripts.com/products/inout-article-base/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Inout Article Base CMS Lastest SQL Injection via portalLogin.php

https://www.vulncheck.com/advisories/inout-article-base-cms-lastest-sql-injection-via-portallogin-php

Scores

CVSS v3 8.2

EPSS 0.0012

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Inoutscripts/Inout Article Base CMS

Published Mar 24, 2026

Tracked Since Mar 24, 2026