CVE-2019-25668

HIGH

News Website Script 2.0.5 SQL Injection via index.php

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25668. PoCs published by Mr Winst0n.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in News Website Script 2.0.5 by manipulating the URL path to inject SQL conditions, bypassing authentication or extracting data.

Description

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by Mr Winst0n · textwebappsphp
https://www.exploit-db.com/exploits/46456

The exploit demonstrates a SQL injection vulnerability in News Website Script 2.0.5 by manipulating the URL path to inject SQL conditions, bypassing authentication or extracting data.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: News Website Script 2.0.5
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46456
https://www.exploit-db.com/exploits/46456
Product product
Official Product Homepage
http://www.phpscriptsmall.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: News Website Script 2.0.5 SQL Injection via index.php
https://www.vulncheck.com/advisories/news-website-script-sql-injection-via-index-php

Scores

CVSS v3 8.2
EPSS 0.0040
EPSS Percentile 31.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Phpscriptsmall/News Website Script 2.0.5
phpscriptsmall/news_website_script < 2.0.5
Published Apr 05, 2026
Tracked Since Apr 06, 2026