CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25693

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.2%

CVSS Severity

CVSS v3 Score 7.1

References

https://www.exploit-db.com/exploits/46274
https://www.resourcespace.com/
https://www.resourcespace.com/get
https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php

Products affected by CVE-2019-25693

Montala » Resourcespace » Version: 8.6

cpe:2.3:a:montala:resourcespace:8.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25693

Products

Pricing

Contact Us