CVE-2019-25697
SQL Injection in CMSsite 1.0 Allows Data Extraction
Publication date: 2026-04-12
Last updated on: 2026-04-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| victoralagwu | cmssite | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized extraction of sensitive database information, including usernames and credentials.
Attackers can exploit this flaw to access confidential data, potentially causing data breaches and compromising the security of the affected system.
Such unauthorized access can also lead to further exploitation or manipulation of the database.
Can you explain this vulnerability to me?
CVE-2019-25697 is an SQL injection vulnerability found in the CMSsite 1.0 application, specifically in the category.php file. The vulnerability occurs because the cat_id parameter from HTTP GET requests is used directly in SQL queries without any sanitization or validation.
This allows unauthenticated attackers to inject malicious SQL code through the cat_id parameter, manipulating database queries. For example, attackers can use UNION-based SQL injection to combine the original query with crafted queries that extract sensitive information such as database usernames and credentials.
The root cause is the lack of input sanitization or use of prepared statements, which enables attackers to execute unauthorized SQL commands.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by sending specially crafted GET requests to the vulnerable endpoint and observing the response for signs of SQL injection.
For example, you can test the vulnerability by sending a request to the category.php script with a malicious cat_id parameter that attempts to inject SQL code.
- curl "http://<target>/category.php?cat_id=7 UNION SELECT 1,2,user(),3,4,5,6,7,8,9,10%23"
If the response contains database user information or other unexpected data, it indicates the presence of the SQL injection vulnerability.
Monitoring network traffic for unusual GET requests to category.php with suspicious cat_id values can also help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and validating all user inputs, especially the cat_id parameter, to prevent SQL injection.
Implement prepared statements or parameterized queries instead of directly embedding user input into SQL queries.
Restrict database user permissions to limit the impact of any potential injection.
Additionally, monitor and block suspicious requests targeting category.php with malicious cat_id parameters.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in CMSsite 1.0 allows attackers to extract sensitive database information including usernames and credentials without authentication.
Such unauthorized access and potential data breaches can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and disclosure.
Therefore, exploitation of this vulnerability could result in violations of these standards due to exposure of confidential user data.