CVE-2019-25662

HIGH

ResourceSpace 8.6 SQL Injection via watched_searches.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25662. PoCs published by dd_.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in ResourceSpace <=8.6 via the 'ref' parameter in 'watched_searches.php'. It includes a proof-of-concept URL and a sqlmap command to exploit the vulnerability, confirming successful extraction of database names.

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.

Exploits (1)

exploitdb WORKING POC

by dd_ · textwebappsphp

https://www.exploit-db.com/exploits/46308

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in ResourceSpace <=8.6 via the 'ref' parameter in 'watched_searches.php'. It includes a proof-of-concept URL and a sqlmap command to exploit the vulnerability, confirming successful extraction of database names.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ResourceSpace <=8.6

Auth required

Prerequisites: valid session cookie · access to the vulnerable endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46308

https://www.exploit-db.com/exploits/46308

Product product

Official Product Homepage

https://www.resourcespace.com/

Product product

Product Reference

https://www.resourcespace.com/get

Third Party Advisory third-party-advisory

VulnCheck Advisory: ResourceSpace 8.6 SQL Injection via watched_searches.php

https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-watched-searches-php

Scores

CVSS v3 8.2

EPSS 0.0042

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

montala/resourcespace < 8.6

Montala/ResourceSpace 8.6

Published Apr 05, 2026

Tracked Since Apr 06, 2026