CVE-2019-25300
Unknown Unknown - Not Provided
SQL Injection in Globitek CMS 1.4 Allows Data Manipulation

Publication date: 2026-02-06

Last updated on: 2026-02-06

Assigner: VulnCheck

Description
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25300
EUVD
EUVD-2019-19398
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
thejshen globitek_cms to 1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2019-25300 is a SQL injection vulnerability in thejshen Globitek CMS version 1.4. It occurs because the application improperly handles the 'id' GET parameter, allowing attackers to manipulate SQL database queries."}, {'type': 'paragraph', 'content': 'Attackers can exploit this vulnerability using several SQL injection techniques including boolean-based, time-based, and UNION-based methods. These techniques enable attackers to extract or modify sensitive information stored in the database.'}] [2, 3]

Impact Analysis

This vulnerability can have serious impacts as it allows attackers to access or alter database information without proper authorization.

  • Attackers can extract confidential data from the database.
  • Attackers can modify or corrupt database records.
  • The vulnerability has a high impact on confidentiality and a low attack complexity, meaning it can be exploited relatively easily over the network.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by testing the 'id' GET parameter of the Globitek CMS 1.4 for SQL injection using boolean-based, time-based, and UNION-based payloads."}, {'type': 'list_item', 'content': "Boolean-based blind SQL injection test example: use a payload like `id=4' AND 5143=5143--` to check if the response changes."}, {'type': 'list_item', 'content': "Time-based blind SQL injection test example: use a payload like `id=4' AND (SELECT 4841 FROM (SELECT(SLEEP(5)))eqmp)--` and observe if the response is delayed."}, {'type': 'list_item', 'content': "UNION-based SQL injection test example: use a payload like `id=-4903' UNION ALL SELECT NULL,NULL,CONCAT(0x716a706b71,0x66766f636c546750775053685352676c4f70724d714c4b64494e755252765a626370615a565a4b49,0x717a6a7671),NULL,NULL--` to attempt data extraction."}, {'type': 'paragraph', 'content': 'These tests can be performed using tools like curl or sqlmap against the vulnerable parameter.'}] [3, 2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25300. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart