CVE-2019-25676

HIGH

Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection

Title source: cna

Description

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information.

Exploits (1)

exploitdb WORKING POC

by Mr Winst0n · textwebappsphp

https://www.exploit-db.com/exploits/46426

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46426

https://www.exploit-db.com/exploits/46426

Product product

Official Product Homepage

http://www.phpscriptsmall.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection

https://www.vulncheck.com/advisories/ask-expert-script-cross-site-scripting-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79 CWE-89

Status published

Products (2)

Phpscriptsmall/Ask Expert Script 3.0.5

phpscriptsmall/ask_expert_script 3.0.5

Published Apr 05, 2026

Tracked Since Apr 06, 2026