CVE-2019-25668

HIGH

News Website Script 2.0.5 SQL Injection via index.php

Title source: cna

Description

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC

by Mr Winst0n · textwebappsphp

https://www.exploit-db.com/exploits/46456

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46456

https://www.exploit-db.com/exploits/46456

Product product

Official Product Homepage

http://www.phpscriptsmall.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: News Website Script 2.0.5 SQL Injection via index.php

https://www.vulncheck.com/advisories/news-website-script-sql-injection-via-index-php

Scores

CVSS v3 8.2

EPSS 0.0009

EPSS Percentile 24.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Phpscriptsmall/News Website Script 2.0.5

phpscriptsmall/news_website_script < 2.0.5

Published Apr 05, 2026

Tracked Since Apr 06, 2026