CVE-2019-25680
Received Received - Intake
SQL Injection in Advance Gift Shop Pro 2.0.3 Enables Data Exposure

Publication date: 2026-04-05

Last updated on: 2026-04-24

Assigner: VulnCheck

Description
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-05
Last Modified
2026-04-24
Generated
2026-05-07
AI Q&A
2026-04-06
EPSS Evaluated
2026-05-05
NVD
CVE-2019-25680
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpscriptsmall advance_gift_shop_pro_script to 2.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in Advance Gift Shop Pro Script 2.0.3 is an SQL injection flaw. It allows attackers who are not authenticated to inject malicious SQL code through the 's' parameter in search requests. By doing so, attackers can execute arbitrary SQL queries on the database.

This means that an attacker can manipulate the database queries to extract sensitive information such as database version details and other confidential data.


How can this vulnerability impact me? :

This vulnerability can have serious impacts including unauthorized access to sensitive database information. Attackers can extract confidential data, which may include user information, system details, or other protected data.

Because the vulnerability allows execution of arbitrary SQL commands without authentication, it can lead to data breaches, loss of data confidentiality, and potentially further exploitation of the system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information. This exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.

Specifically, the SQL injection vulnerability could result in unauthorized disclosure of personal data, violating confidentiality requirements mandated by these standards.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart