CVE-2019-25674

HIGH

CMSsite 1.0 SQL Injection via post Parameter

Title source: cna

Description

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perform time-based blind SQL injection attacks.

Exploits (1)

exploitdb WORKING POC
by Mr Winst0n · text · webapps · php
https://www.exploit-db.com/exploits/46402

References (3)

Core References
Product: Official Product Homepage
https://github.com/VictorAlagwu/CMSsite
Third Party Advisory: VulnCheck Advisory: CMSsite 1.0 SQL Injection via post Parameter
https://www.vulncheck.com/advisories/cmssite-sql-injection-via-post-parameter
Exploit: ExploitDB-46402
https://www.exploit-db.com/exploits/46402

Scores

CVSS v3 8.2
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
victoralagwu/cmssite 1.0
VictorAlagwu/CMSsite 1.0
Published Apr 05, 2026
Tracked Since Apr 06, 2026