CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensitive database information or manipulate queries.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 8.2

References

http://phptransformer.com/
https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip
https://www.exploit-db.com/exploits/46191
https://www.vulncheck.com/advisories/phptransformer-sql-injection-via-generatepdf-php

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25578

Products

Pricing

Contact Us