Home / Vulnerability Intelligence / CVE-2019-25481

CVE-2019-25481 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

iScripts ReserveLogic - SQL Injection

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

iScripts ReserveLogic contains an sql injection caused by unsanitized input in the jqSearchDestination parameter in the search endpoint, letting unauthenticated attackers extract sensitive database information via crafted POST requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information, potentially compromising the entire database.

Mitigation

Update to the latest version.

References

https://www.exploit-db.com/exploits/46640
https://www.vulncheck.com/advisories/iscripts-reservelogic-lastest-sql-injection-via-search-endpoint

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25481
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N