CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.0%

CVSS Severity

CVSS v3 Score 7.1

References

http://www.impresscms.org/
https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms_1.3.11.zip
https://www.exploit-db.com/exploits/46239
https://www.vulncheck.com/advisories/impresscms-sql-injection-via-bid-parameter

Products affected by CVE-2019-25703

Impresscms » Impresscms » Version: 1.3.11

cpe:2.3:a:impresscms:impresscms:1.3.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25703

Products

Pricing

Contact Us