Platform: php
Component: cmssite
Fixed in: 1.0.1
CVE-2019-25674 describes a SQL Injection vulnerability discovered in CMSsite versions 1.0.0 through 1.0. This flaw allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code through the 'post' parameter within the post.php file. Successful exploitation could lead to unauthorized access to sensitive database information, impacting the confidentiality and integrity of the CMSsite application.
An attacker exploiting CVE-2019-25674 can leverage the SQL Injection vulnerability to bypass authentication and directly interact with the underlying database. This allows for the extraction of sensitive data such as user credentials, configuration details, and potentially even the entire database content. The attacker could also modify data, leading to data corruption or denial of service. The impact is amplified if the CMSsite application handles critical business logic or stores personally identifiable information (PII). While no direct precedent is explicitly mentioned, the potential for data exfiltration and manipulation mirrors the impact of numerous SQL Injection vulnerabilities observed in web applications.
CVE-2019-25674 was published on 2026-04-05. The vulnerability's severity is rated HIGH (CVSS 8.2). There is no indication of active exploitation campaigns or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not widely known, but the SQL Injection nature of the vulnerability makes it likely that such exploits will emerge if the application remains unpatched.
Exploit Status
EPSS: 0.24% (48th percentile)
The primary mitigation for CVE-2019-25674 is to upgrade to a patched version of CMSsite. Since a fixed version is not specified in the provided data, thoroughly review the CMSsite project's release notes and security advisories for the latest available patch. As a temporary workaround, implement input validation and sanitization on the 'post' parameter in post.php to prevent the injection of malicious SQL code. Consider using parameterized queries or prepared statements to further protect against SQL Injection attacks. Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of defense.
Update CMSsite to a patched version that resolves the SQL Injection vulnerability in the 'post' parameter. Verify the vendor documentation for specific upgrade instructions. Additionally, implement input validation and sanitization to prevent future SQL Injection flaws.
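The validation and prepared-statement workaround described above, as an added example that is not CMSsite's own code. The `posts` table, its columns and both function names are assumptions, and an in-memory SQLite database (PDO) stands in for the real backend.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the CMS database: in-memory SQLite with sample rows.
// Table and column names are hypothetical, not taken from CMSsite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$db->exec("INSERT INTO posts VALUES (1, 'Hello', 1), (2, 'Draft', 0)");

// Weak pattern: the request value is concatenated into the SQL text, so the
// database parses whatever the client sent as part of the query.
function fetchPostUnsafe(PDO $db, string $raw): array
{
    $sql = "SELECT title FROM posts WHERE published = 1 AND post_id = $raw";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: strict integer validation first, then a prepared
// statement with a typed bind, so the value can never become SQL syntax.
function fetchPostSafe(PDO $db, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT title FROM posts WHERE published = 1 AND post_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET['post'].
foreach (['1', '2', '1 OR 1=1', 'abc'] as $raw) {
    printf("%-12s safe=%s\n", var_export($raw, true), json_encode(fetchPostSafe($db, $raw)));
}

// With concatenation, the third input changes the WHERE clause and the
// unpublished row is returned alongside the published one.
printf("unsafe('1 OR 1=1') => %s\n", json_encode(fetchPostUnsafe($db, '1 OR 1=1')));
```

The same two steps apply with mysqli or a MySQL PDO driver: validate the parameter's type, then bind it rather than interpolating it.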
CVE-2019-25674 is a SQL Injection vulnerability in CMSsite versions 1.0.0–1.0, allowing attackers to manipulate database queries through the 'post' parameter in post.php.
If you are running CMSsite version 1.0.0–1.0 and have not applied a patch, you are potentially vulnerable to SQL Injection attacks.
Upgrade to a patched version of CMSsite. Review the project's release notes for the latest security updates. Implement input validation and parameterized queries as a temporary workaround.
There is no current evidence of widespread exploitation, but the vulnerability's nature makes it a potential target.
Refer to the CMSsite project's official website or security advisories for information regarding this vulnerability and available patches.