CVE-2019-25642

HIGH

Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules

Title source: cna
STIX 2.1

Description

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · textwebappsphp
https://www.exploit-db.com/exploits/46590

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46590
https://www.exploit-db.com/exploits/46590
Product product
Official Product Homepage
http://bootstrapy.com
Third Party Advisory third-party-advisory
VulnCheck Advisory: Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
https://www.vulncheck.com/advisories/bootstrapy-cms-lastest-multiple-sql-injection-via-forum-and-contact-modules

Scores

CVSS v3 8.2
EPSS 0.0012
EPSS Percentile 29.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Bootstrapy/Bootstrapy CMS
Published Mar 24, 2026
Tracked Since Mar 24, 2026