Platform: php
Component: fiverr-clone-script
Fixed in: 1.2.3
CVE-2019-25444 describes a critical SQL injection vulnerability in Fiverr Clone Script version 1.2.2. The flaw allows unauthenticated attackers to manipulate database queries by injecting SQL through the 'page' parameter. Successful exploitation could lead to unauthorized access to sensitive data and modification of the database, compromising the integrity and confidentiality of the application and its users.
The SQL injection vulnerability in Fiverr Clone Script allows attackers to bypass authentication and directly interact with the database. An attacker could craft malicious SQL queries to extract usernames, passwords, order details, payment information, and other sensitive data stored within the database. Beyond data exfiltration, the attacker could potentially modify or delete data, leading to denial of service or even complete compromise of the application. The impact is particularly severe given the potential for unauthorized access to user data and the ability to manipulate critical business functions.
While no active exploitation campaigns are publicly known, the severity of the vulnerability (CVSS 9.1) and the ease of exploitation make it a high-priority target. The lack of a fixed version increases the risk. This vulnerability is not listed on KEV as of the last update. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Exploit Status
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2019-25444 is to upgrade to a patched version of Fiverr Clone Script. Where no fixed version is available, a thorough code review and sanitization of user inputs, particularly the 'page' parameter, are crucial. A Web Application Firewall (WAF) with SQL injection protection rules can provide a temporary layer of defense. Review and restrict the database user's permissions to limit the damage a successful injection can do. After applying mitigations, test the application thoroughly, focusing on input validation and parameterized queries, to confirm the vulnerability is resolved.
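An illustration of the vulnerable pattern the advisory describes next to the input validation and parameterized query it recommends. This is an added example, not code from Fiverr Clone Script or Phpscriptsmall; the `listings` table, its columns, the page size of 20 and the PDO connection `$pdo` are assumptions.

```php
<?php
// Added illustration, not code from Fiverr Clone Script. The table name,
// column names and page size are hypothetical; $pdo is an open PDO handle.

// Vulnerable pattern: the raw 'page' request value is spliced into the SQL
// text, so whatever the client sends reaches the database's SQL parser.
function listingsPageVulnerable(PDO $pdo, array $get): array
{
    $page = $get['page'] ?? '1';
    $sql  = "SELECT id, title FROM listings ORDER BY id LIMIT 20 OFFSET "
          . $page;   // no type check, no parameter binding
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the value as a bounded positive integer, then
// bind it as a typed parameter so it can never be interpreted as SQL.
function listingsPageSafe(PDO $pdo, array $get): array
{
    $page = filter_var(
        $get['page'] ?? 1,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10000]]
    );
    if ($page === false) {
        // Reject anything that is not a sane page number (strings, arrays,
        // negative or absurdly large values) before touching the database.
        throw new InvalidArgumentException("page must be a positive integer");
    }

    $stmt = $pdo->prepare(
        'SELECT id, title FROM listings ORDER BY id LIMIT :lim OFFSET :off'
    );
    // PDO::PARAM_INT matters here: LIMIT/OFFSET do not accept quoted strings.
    $stmt->bindValue(':lim', 20, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * 20, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Pair the parameterized query with a database account limited to SELECT on the tables the page actually needs, so that a missed injection point elsewhere cannot modify or delete data.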
Upgrade to a corrected version of Fiverr Clone Script that fixes the SQL injection vulnerability in the 'page' parameter. Check the vendor's (Phpscriptsmall) documentation for information on available updates and installation instructions. In addition, implement input validation and sanitization in the code to prevent future SQL injections.
CVE-2019-25444 is a critical SQL injection vulnerability affecting Fiverr Clone Script version 1.2.2, allowing attackers to manipulate database queries through the 'page' parameter.
If you are using Fiverr Clone Script version 1.2.2, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade to a patched version of Fiverr Clone Script. If unavailable, implement strict input validation and consider a WAF.
While no active campaigns are confirmed, the vulnerability's severity makes it a likely target for exploitation.
Check the Fiverr Clone Script project's official website or repository for security advisories and updates.