Vulnerability-Lookup

CVE-2019-25575 (GCVE-0-2019-25575)

Vulnerability from cvelistv5 – Published: 2026-03-21 15:30 – Updated: 2026-03-23 20:03

Title

SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

Summary

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

VulnCheck

References

URL

Tags

	https://www.exploit-db.com/exploits/46235	exploit
	https://sourceforge.net/projects/simplepresscms/	product
	https://ayera.dl.sourceforge.net/project/simplepr…	product
	https://www.vulncheck.com/advisories/simplepress-…	third-party-advisory

Impacted products

	Vendor	Product	Version
	Sourceforge	SimplePress CMS	Affected: 1.0.7

Date Public ?

2019-01-24 00:00

Credits

Ihsan Sencan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25575",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T20:02:40.918055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T20:03:27.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SimplePress CMS",
          "vendor": "Sourceforge",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ihsan Sencan"
        }
      ],
      "datePublic": "2019-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027p\u0027 and \u0027s\u0027 parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-22T00:15:21.082Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46235",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46235"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://sourceforge.net/projects/simplepresscms/"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip"
        },
        {
          "name": "VulnCheck Advisory: SimplePress CMS 1.0.7 SQL Injection via p and s Parameters",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters"
        }
      ],
      "title": "SimplePress CMS 1.0.7 SQL Injection via p and s Parameters",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25575",
    "datePublished": "2026-03-21T15:30:33.799Z",
    "dateReserved": "2026-03-21T15:23:49.617Z",
    "dateUpdated": "2026-03-23T20:03:27.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-25575",
      "date": "2026-05-05",
      "epss": "0.00104",
      "percentile": "0.27861"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-25575\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-03-21T16:16:01.147\",\"lastModified\":\"2026-04-15T17:09:48.490\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027p\u0027 and \u0027s\u0027 parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.\"},{\"lang\":\"es\",\"value\":\"SimplePress CMS 1.0.7 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando c\u00f3digo malicioso a trav\u00e9s de los par\u00e1metros \u0027p\u0027 y \u0027s\u0027. Los atacantes pueden enviar solicitudes GET con cargas \u00fatiles SQL manipuladas para extraer informaci\u00f3n sensible de la base de datos, incluyendo nombres de usuario, nombres de bases de datos y detalles de la versi\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.7\",\"matchCriteriaId\":\"CF1C4B49-CB22-4030-B87B-EB5D48CAAE1A\"}]}]}],\"references\":[{\"url\":\"https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://sourceforge.net/projects/simplepresscms/\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.exploit-db.com/exploits/46235\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\",\"VDB Entry\"]},{\"url\":\"https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-25575\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-23T20:02:40.918055Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-23T20:03:19.377Z\"}}], \"cna\": {\"title\": \"SimplePress CMS 1.0.7 SQL Injection via p and s Parameters\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ihsan Sencan\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Sourceforge\", \"product\": \"SimplePress CMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.7\"}]}], \"datePublic\": \"2019-01-24T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/46235\", \"name\": \"ExploitDB-46235\", \"tags\": [\"exploit\"]}, {\"url\": \"https://sourceforge.net/projects/simplepresscms/\", \"name\": \"Official Product Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip\", \"name\": \"Product Reference\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters\", \"name\": \"VulnCheck Advisory: SimplePress CMS 1.0.7 SQL Injection via p and s Parameters\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027p\u0027 and \u0027s\u0027 parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-03-22T00:15:21.082Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-25575\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-23T20:03:27.725Z\", \"dateReserved\": \"2026-03-21T15:23:49.617Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-03-21T15:30:33.799Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2019-25575

Vulnerability from fkie_nvd - Published: 2026-03-21 16:16 - Updated: 2026-04-15 17:09

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

References

URL	Tags
disclosure@vulncheck.com	https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip	Broken Link
disclosure@vulncheck.com	https://sourceforge.net/projects/simplepresscms/	Product
disclosure@vulncheck.com	https://www.exploit-db.com/exploits/46235	Exploit, VDB Entry
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters	Third Party Advisory

Impacted products

	Vendor	Product	Version
	simplepresscms	simplepress_cms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF1C4B49-CB22-4030-B87B-EB5D48CAAE1A",
              "versionEndIncluding": "1.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027p\u0027 and \u0027s\u0027 parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details."
    },
    {
      "lang": "es",
      "value": "SimplePress CMS 1.0.7 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando c\u00f3digo malicioso a trav\u00e9s de los par\u00e1metros \u0027p\u0027 y \u0027s\u0027. Los atacantes pueden enviar solicitudes GET con cargas \u00fatiles SQL manipuladas para extraer informaci\u00f3n sensible de la base de datos, incluyendo nombres de usuario, nombres de bases de datos y detalles de la versi\u00f3n."
    }
  ],
  "id": "CVE-2019-25575",
  "lastModified": "2026-04-15T17:09:48.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "disclosure@vulncheck.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-21T16:16:01.147",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://sourceforge.net/projects/simplepresscms/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46235"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Primary"
    }
  ]
}

GHSA-GFV2-C97J-JCXP

Vulnerability from github – Published: 2026-03-21 18:31 – Updated: 2026-03-21 18:31

Details

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.8 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-25575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-21T16:16:01Z",
    "severity": "HIGH"
  },
  "details": "SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027p\u0027 and \u0027s\u0027 parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.",
  "id": "GHSA-gfv2-c97j-jcxp",
  "modified": "2026-03-21T18:31:05Z",
  "published": "2026-03-21T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25575"
    },
    {
      "type": "WEB",
      "url": "https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/simplepresscms"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46235"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-25575 (GCVE-0-2019-25575)

FKIE_CVE-2019-25575

GHSA-GFV2-C97J-JCXP

Tags

Sightings

Nomenclature