CVE-2019-25680

HIGH

Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25680. PoCs published by Mr Winst0n.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Advance Gift Shop Pro Script 2.0.3 via the 's' parameter in the search functionality. The PoC includes a payload using 'extractvalue' to leak database version information.

Description

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.

Exploits (1)

exploitdb WORKING POC
by Mr Winst0n · textwebappsphp
https://www.exploit-db.com/exploits/46457

The exploit demonstrates a SQL injection vulnerability in Advance Gift Shop Pro Script 2.0.3 via the 's' parameter in the search functionality. The PoC includes a payload using 'extractvalue' to leak database version information.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Advance Gift Shop Pro Script 2.0.3
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46457
https://www.exploit-db.com/exploits/46457
Product product
Official Product Homepage
http://www.phpscriptsmall.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
https://www.vulncheck.com/advisories/advance-gift-shop-pro-script-sql-injection-via-search

Scores

CVSS v3 8.2
EPSS 0.0040
EPSS Percentile 31.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Phpscriptsmall/Advance Gift Shop Pro Script 2.0.3
phpscriptsmall/advance_gift_shop_pro_script < 2.0.3
Published Apr 05, 2026
Tracked Since Apr 06, 2026