CVE-2019-25730
SQL Injection in Listing Hub CMS
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| listing_hub | cms | 1.0 |
| themerig | listings_directory_cms_directory_php_script | to 1.0 (inc) |
| themerig | listings_directory_cms_directory_php_script | to 1.1 (inc) |
| themerig | listings_directory_cms_directory_php_script | 1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Listing Hub CMS version 1.0 contains a SQL injection vulnerability in the 'pages.php' file, specifically in the 'id' parameter. This flaw allows unauthenticated attackers to inject malicious SQL code by sending crafted GET requests. Using error-based SQL injection techniques, attackers can cause database errors that reveal sensitive information such as database credentials, usernames, and version details.
How can this vulnerability impact me? :
This vulnerability can have serious impacts as it allows attackers to execute arbitrary SQL queries without authentication. Exploiting this flaw can lead to unauthorized disclosure of sensitive database information including credentials and user data. This can compromise the integrity and confidentiality of the affected system's data, potentially leading to further attacks or data breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted GET requests to the vulnerable endpoint pages.php with malicious SQL injection payloads in the id parameter. Error-based SQL injection techniques trigger database errors that reveal sensitive information such as database credentials, usernames, and version details.
A typical detection method involves using curl or similar HTTP clients to send requests with SQL injection payloads and observing the response for database error messages.
- curl "http://target-site/pages.php?id=1'"
- curl "http://target-site/pages.php?id=1' AND 1=1--"
- curl "http://target-site/pages.php?id=1' AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT database()),0x3a,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)-- -"
If the response contains database errors or reveals database names, usernames, or version information, it indicates the presence of the SQL injection vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying patches or updates that fix the vulnerability. For Listing Hub CMS, upgrading to version 1.2 or later addresses this issue.
If an update is not immediately available, consider implementing input validation and sanitization on the id parameter to prevent SQL injection.
Additionally, restricting access to the vulnerable pages.php endpoint through web application firewalls (WAF) or network-level controls can help reduce exposure.
Monitoring and logging suspicious requests targeting the id parameter can also help detect exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in Listing Hub CMS 1.0 allows unauthenticated attackers to extract sensitive database information such as credentials and usernames. This exposure of sensitive data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.
By enabling attackers to access confidential data through SQL injection, the vulnerability increases the risk of data breaches, which can result in regulatory penalties and damage to organizational reputation.