CVE-2019-25668 PUBLISHED

News Website Script 2.0.5 SQL Injection via index.php

Assigner: VulnCheck
Reserved: 05.04.2026 Published: 05.04.2026 Updated: 05.04.2026

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.8

Product Status

Vendor: Phpscriptsmall
Product: News Website Script
Versions:
  • Version 2.0.5 is affected

Credits

  • Mr Winst0n (finder)

Problem Types

  • CWE: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')