CVE-2019-25693

HIGH

ResourceSpace 8.6 SQL Injection via collection_edit.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25693. PoCs published by dd_.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ResourceSpace <=8.6 via the 'keywords' parameter in 'collection_edit.php'. It includes a functional PoC URL and SQLMap commands to exploit the vulnerability, confirming the back-end DBMS as MySQL and retrieving database information.

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

Exploits (1)

exploitdb WORKING POC

by dd_ · textwebappsphp

https://www.exploit-db.com/exploits/46274

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in ResourceSpace <=8.6 via the 'keywords' parameter in 'collection_edit.php'. It includes a functional PoC URL and SQLMap commands to exploit the vulnerability, confirming the back-end DBMS as MySQL and retrieving database information.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ResourceSpace <=8.6

Auth required

Prerequisites: valid CSRF token · authenticated session

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 12, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46274

https://www.exploit-db.com/exploits/46274

Product product

Official Product Homepage

https://www.resourcespace.com/

Product product

Product Reference

https://www.resourcespace.com/get

Third Party Advisory third-party-advisory

VulnCheck Advisory: ResourceSpace 8.6 SQL Injection via collection_edit.php

https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php

Scores

CVSS v3 7.1

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352 CWE-89

Status published

Products (2)

montala/resourcespace 8.6

Resourcespace/ResourceSpace Stable release: 8.6

Published Apr 12, 2026

Tracked Since Apr 12, 2026