CVE-2019-25693
HIGH
ResourceSpace 8.6 SQL Injection via collection_edit.php
Title source: cnaDescription
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
Core References
Third Party Advisory
VulnCheck Advisory: ResourceSpace 8.6 SQL Injection via collection_edit.php
https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php
Scores
CVSS v3
7.1
EPSS
0.0002
EPSS Percentile
4.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
CWE-89
Status
published
Products (2)
montala/resourcespace
8.6
Resourcespace/ResourceSpace
Stable release: 8.6
Published
Apr 12, 2026
Tracked Since
Apr 12, 2026