CVE-2019-25680

Received Received - Intake

SQL Injection in Advance Gift Shop Pro 2.0.3 Enables Data Exposure

Publication date: 2026-04-05

Last updated on: 2026-04-24

Assigner: VulnCheck

Description

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-04-05

Last Modified

2026-04-24

Generated

2026-06-16

AI Q&A

2026-04-06

EPSS Evaluated

2026-06-15

NVD

CVE-2019-25680

Affected Vendors & Products

Vendor	Product	Version / Range
phpscriptsmall	advance_gift_shop_pro_script	to 2.0.3 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

The vulnerability in Advance Gift Shop Pro Script 2.0.3 is an SQL injection flaw. It allows attackers who are not authenticated to inject malicious SQL code through the 's' parameter in search requests. By doing so, attackers can execute arbitrary SQL queries on the database.

This means that an attacker can manipulate the database queries to extract sensitive information such as database version details and other confidential data.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive database information. Attackers can extract confidential data, which may include user information, system details, or other protected data.

Because the vulnerability allows execution of arbitrary SQL commands without authentication, it can lead to data breaches, loss of data confidentiality, and potentially further exploitation of the system.

Compliance Impact

The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information. This exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.

Specifically, the SQL injection vulnerability could result in unauthorized disclosure of personal data, violating confidentiality requirements mandated by these standards.

Hi! I’m here to help you understand CVE-2019-25680. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2019-25680

SQL Injection in Advance Gift Shop Pro 2.0.3 Enables Data Exposure

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart