Home / Vulnerability Intelligence / CVE-2019-25575

CVE-2019-25575 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 21, 2026

SimplePress CMS - SQL Injection

Published: March 21, 2026Updated: March 21, 2026Remote Exploitable

Overview

SimplePress CMS 1.0.7 contains an sql injection caused by unsanitized 'p' and 's' parameters, letting unauthenticated attackers execute arbitrary SQL queries to extract sensitive database information, exploit requires crafted GET requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information including usernames and version details.

Mitigation

Update to the latest version of SimplePress CMS.

References

https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters
https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip
https://sourceforge.net/projects/simplepresscms/
https://www.exploit-db.com/exploits/46235

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25575
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N