CVE-2019-25676

HIGH

Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25676. PoCs published by Mr Winst0n.

AI-analyzed exploit summary The exploit demonstrates XSS and SQL injection vulnerabilities in Ask Expert Script 3.0.5 via crafted URLs targeting 'categorysearch.php' and 'list-details.php'. The PoC includes direct payload examples for both attack vectors.

Description

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information.

Exploits (1)

exploitdb WORKING POC

by Mr Winst0n · textwebappsphp

https://www.exploit-db.com/exploits/46426

View Code ZIP pw:eip

The exploit demonstrates XSS and SQL injection vulnerabilities in Ask Expert Script 3.0.5 via crafted URLs targeting 'categorysearch.php' and 'list-details.php'. The PoC includes direct payload examples for both attack vectors.

Classification

Working Poc 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Ask Expert Script 3.0.5

No auth needed

Prerequisites: access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46426

https://www.exploit-db.com/exploits/46426

Product product

Official Product Homepage

http://www.phpscriptsmall.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection

https://www.vulncheck.com/advisories/ask-expert-script-cross-site-scripting-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0046

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79 CWE-89

Status published

Products (2)

Phpscriptsmall/Ask Expert Script 3.0.5

phpscriptsmall/ask_expert_script 3.0.5

Published Apr 05, 2026

Tracked Since Apr 06, 2026