Platform: php
Component: impresscms
Fixed in: 1.3.12
CVE-2019-25703 describes a time-based blind SQL injection vulnerability in ImpressCMS version 1.3.11. The flaw allows an authenticated attacker to manipulate database queries by injecting SQL through the 'bid' parameter of the admin.php endpoint. Successful exploitation could lead to unauthorized access to and exfiltration of sensitive data, affecting site integrity and user privacy.
An attacker exploiting CVE-2019-25703 sends crafted POST requests to the admin.php endpoint with 'bid' values that contain SQL commands. Because the injection is blind, the attacker never sees query results directly and instead infers them from differences in response time. Successful exploitation could expose user credentials, configuration data, and potentially the entire database. The vulnerability requires authentication, but a compromised administrator account would provide extensive access.
CVE-2019-25703 was published on 2026-04-12 and is rated High (CVSS 7.1). Public proof-of-concept (PoC) code may exist or emerge, increasing the risk of exploitation. The vulnerability requires authentication. There is currently no indication of active exploitation campaigns targeting this specific CVE.
Exploit status:
EPSS: 0.05% (16th percentile)
CVSS vector:
The primary mitigation for CVE-2019-25703 is to upgrade ImpressCMS to a patched version. While a specific patched version isn't explicitly stated, upgrading to the latest available version is the best course of action. As a temporary workaround, implement input validation and sanitization on the 'bid' parameter so that it is only ever treated as a numeric identifier, never as SQL. Web application firewalls (WAFs) configured to detect and block SQL injection attempts add a further layer of protection. Regularly review and audit database access logs for suspicious activity.
Update ImpressCMS to a corrected version. Check the official ImpressCMS website or community forums for specific upgrade instructions and security patches. Make sure all user input is properly validated and escaped to prevent future SQL injections.
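The workaround above (validate 'bid', then keep it out of the SQL text) as an added PHP example; this is illustrative code, not ImpressCMS's own database layer. The table and column names (banner, bid), the PDO connection and the request array are assumptions chosen for the demonstration, and the in-memory SQLite data is constructed.

```php
<?php
// Added example (not ImpressCMS code): table name 'banner', column 'bid' and the
// PDO handle are assumptions for illustration only.
declare(strict_types=1);

// BEFORE: the request value is interpolated straight into the SQL text, so any
// non-numeric content changes the structure of the query the database runs.
function fetchBannerUnsafe(PDO $db, array $request): ?array
{
    $bid = $request['bid'] ?? '';
    $sql = "SELECT * FROM banner WHERE bid = " . $bid; // vulnerable: string concatenation
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// AFTER: enforce the type first, then bind the value as a parameter so the
// database only ever sees it as an integer operand, never as SQL.
function fetchBannerSafe(PDO $db, array $request): ?array
{
    $raw = $request['bid'] ?? null;
    // filter_var rejects anything that is not an integer string; min_range also
    // rejects zero and negative ids, which a banner lookup never uses.
    $bid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($bid === false) {
        throw new InvalidArgumentException('bid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT * FROM banner WHERE bid = :bid');
    $stmt->bindValue(':bid', $bid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database (constructed sample rows).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE banner (bid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO banner (bid, title) VALUES (1, 'first'), (2, 'second')");

// A normal lookup still works.
var_dump(fetchBannerSafe($db, ['bid' => '2'])['title']);

// Anything that is not a bare positive integer is refused before any SQL runs.
foreach (['1 OR 1=1', '', 'abc', '-5', null] as $bad) {
    try {
        fetchBannerSafe($db, ['bid' => $bad]);
    } catch (InvalidArgumentException $e) {
        echo 'rejected ' . var_export($bad, true) . ": {$e->getMessage()}\n";
    }
}
```

Two design notes: the integer check is what closes the time-based blind variant, because the injected payload has to carry SQL syntax that an integer filter can never accept; and the prepared statement is the defence that holds even if validation is later loosened. On MySQL, set PDO::ATTR_EMULATE_PREPARES to false so the parameter is bound server-side rather than interpolated by the driver.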
CVE-2019-25703 is a SQL Injection vulnerability affecting ImpressCMS version 1.3.11. It allows authenticated attackers to extract sensitive database information by manipulating SQL queries through the 'bid' parameter in the admin.php endpoint.
You are affected if you are running ImpressCMS version 1.3.11. Check your installed version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of ImpressCMS. Until a patch is available, restrict access to admin.php and implement strict input validation on the 'bid' parameter.
While no active campaigns are currently known, the availability of public proof-of-concept code increases the risk of exploitation. Continuous monitoring and mitigation are recommended.
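For the monitoring and log-review advice above, an added example (not part of this advisory or of ImpressCMS) that scans MySQL general query log lines for lookups on the assumed banner.bid column whose 'bid' literal is not a plain integer, which is the shape a successful injection leaves behind. The log format and every sample line are constructed for the demonstration.

```php
<?php
// Added example: detection over constructed MySQL general-log lines. The table
// name 'banner' and the log layout are assumptions for illustration only.
declare(strict_types=1);

/**
 * Return one finding per query that filters on bid with anything other than a
 * bare integer literal. Legitimate application queries bind a plain number.
 */
function suspiciousBidQueries(array $logLines): array
{
    $findings = [];
    foreach ($logLines as $line) {
        // General log layout: "<timestamp>\t<thread id> Query\t<sql text>"
        if (!preg_match('/^(\S+)\s+(\d+)\s+Query\s+(.*)$/', $line, $m)) {
            continue;
        }
        [, $timestamp, $thread, $sql] = $m;
        // Only queries that filter on bid are relevant to this advisory.
        if (!preg_match('/\bbid\s*=\s*(.+)$/i', $sql, $b)) {
            continue;
        }
        $value = trim($b[1], " ;");
        if (preg_match('/^\d+$/', $value)) {
            continue; // ordinary lookup
        }
        $findings[] = [
            'time'   => $timestamp,
            'thread' => (int) $thread,
            'value'  => $value,
            // Delay functions in the predicate are the signature of the
            // time-based technique this CVE describes.
            'delay_function' => (bool) preg_match('/\b(SLEEP|BENCHMARK)\s*\(/i', $value),
        ];
    }
    return $findings;
}

// Constructed sample log lines: one normal lookup, two tampered predicates on the
// same connection, and an unrelated query.
$sample = [
    "2024-05-01T10:00:01.000000Z\t 12 Query\tSELECT * FROM banner WHERE bid = 7",
    "2024-05-01T10:00:05.000000Z\t 13 Query\tSELECT * FROM banner WHERE bid = 7 AND SLEEP(5)",
    "2024-05-01T10:00:06.000000Z\t 13 Query\tSELECT * FROM banner WHERE bid = 7 AND 1=1",
    "2024-05-01T10:00:07.000000Z\t 14 Query\tSELECT * FROM config",
];

foreach (suspiciousBidQueries($sample) as $f) {
    printf("%s thread %d: bid predicate '%s'%s\n",
        $f['time'], $f['thread'], $f['value'],
        $f['delay_function'] ? ' [time-delay function]' : '');
}
```

Run against the constructed sample, the scanner reports the two thread-13 queries and nothing else. Grouping findings by thread id, as the output does, matters in practice: a blind technique produces many near-identical queries from one session, so a burst of findings on a single connection is a stronger signal than any one line.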
Refer to the official ImpressCMS website and security advisories for updates and patches related to CVE-2019-25703. Check their forums and mailing lists for announcements.