CVE-2019-25443
SQL Injection in Inventory Webapp's add-item.php Allows Data Manipulation
Publication date: 2026-02-22
Last updated on: 2026-02-22
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edlangley | inventory_webapp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Inventory Webapp contains an SQL injection vulnerability in the add-item.php page. This vulnerability allows unauthenticated attackers to inject malicious SQL code through GET parameters such as name, description, quantity, or cat_id. Because the application directly uses these parameters in SQL queries without proper sanitization or parameterization, attackers can manipulate database queries to execute arbitrary commands.
How can this vulnerability impact me?
This vulnerability can allow attackers to manipulate the database by injecting arbitrary SQL commands. Potential impacts include unauthorized data leakage, modification of database contents, and other database-related attacks. Since the vulnerability is exploitable without authentication, it poses a significant risk to the confidentiality and integrity of the data stored in the Inventory Webapp.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by testing the vulnerable parameters in the URL for SQL injection payloads. Specifically, the GET parameters 'name', 'description', 'quantity', and 'cat_id' on the PHP page /php/add-item.php are vulnerable.

A common detection method is to craft URLs with SQL injection payloads and observe the application's response for errors or unexpected behavior indicating successful injection.

For example, you can use curl or a web browser to send requests like:

- curl "http://site.com/php/add-item.php?name=' OR '1'='1"
- curl "http://site.com/php/add-item.php?description=' OR '1'='1"
- curl "http://site.com/php/add-item.php?quantity=1; DROP TABLE users; --"
- curl "http://site.com/php/add-item.php?cat_id=1 OR 1=1"

If the application returns database errors, unexpected data, or behaves abnormally, it indicates the presence of SQL injection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

- Restrict access to the vulnerable PHP page (/php/add-item.php) to trusted users or internal networks until a fix is applied.
- Implement input validation and sanitization on all GET parameters ('name', 'description', 'quantity', 'cat_id') to prevent malicious SQL code injection.
- Use parameterized queries or prepared statements instead of directly embedding user input into SQL queries.
- Monitor logs for suspicious requests targeting the vulnerable parameters.
- Apply patches or updates from the software vendor or source repository if available. [1]
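The CWE-89 pattern behind this record and the parameterized fix recommended above, as an added example: a Python/sqlite3 model of an add-item handler with the four request fields, not the Inventory Webapp's own PHP code. The table schema and the sample requests are constructed; the same request is sent through the string-built version and the bound-parameter version so that the database error a probing request surfaces can be compared with the hardened behaviour.

```python
import sqlite3

# Constructed schema modelling the four request parameters of add-item.php.
SCHEMA = ("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
          "description TEXT, quantity INTEGER NOT NULL, cat_id INTEGER NOT NULL)")


def add_item_vulnerable(conn, p):
    """CWE-89 pattern: request values are pasted into the SQL text, so a
    quote in any field rewrites the statement instead of being stored."""
    conn.execute("INSERT INTO items (name, description, quantity, cat_id) "
                 "VALUES ('%s', '%s', %s, %s)"
                 % (p["name"], p["description"], p["quantity"], p["cat_id"]))


def add_item_safe(conn, p):
    """Hardened form: validate the numeric fields, bind every value as a
    parameter, so input can only ever reach the database as data."""
    name, description = p.get("name", ""), p.get("description", "")
    if not 0 < len(name) <= 100:
        raise ValueError("name must be 1..100 characters")
    try:
        quantity, cat_id = int(p["quantity"]), int(p["cat_id"])
    except (KeyError, ValueError, TypeError):
        raise ValueError("quantity and cat_id must be integers")
    if quantity < 0:
        raise ValueError("quantity must not be negative")
    conn.execute("INSERT INTO items (name, description, quantity, cat_id) "
                 "VALUES (?, ?, ?, ?)", (name, description, quantity, cat_id))


def compare(p):
    """Send one request through each version on its own fresh database and
    report the stored names, the database error, or the validation rejection."""
    out = {}
    for label, handler in (("vulnerable", add_item_vulnerable), ("safe", add_item_safe)):
        conn = sqlite3.connect(":memory:")
        conn.execute(SCHEMA)
        try:
            handler(conn, p)
            out[label] = [r[0] for r in conn.execute("SELECT name FROM items")]
        except sqlite3.Error as exc:   # the error message a probing request exposes
            out[label] = "db error: %s" % exc
        except ValueError as exc:      # input rejected before any SQL runs
            out[label] = "rejected: %s" % exc
    return out


if __name__ == "__main__":
    # An ordinary apostrophe breaks the vulnerable version; the safe one stores it.
    print(compare({"name": "O'Reilly", "description": "", "quantity": "1", "cat_id": "1"}))
```

Note that even a legitimate apostrophe in a product name produces the database error in the vulnerable version, which is the symptom the detection answer above relies on, while the parameterized version stores the page's own `' OR '1'='1` string as plain data.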