CVE-2019-25575
8.8 High
Published:
Last updated:
Source: disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): Low
- Availability (Vulnerable): None
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
References
- https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip (disclosure@vulncheck.com)
- https://sourceforge.net/projects/simplepresscms/ (disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/46235 (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters (disclosure@vulncheck.com)