Home / Vulnerability Intelligence / CVE-2019-25578

CVE-2019-25578 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 21, 2026

phpTransformer - SQL Injection

Published: March 21, 2026Updated: March 21, 2026Remote Exploitable

Overview

phpTransformer 2016.9 contains an sql injection caused by improper sanitization of the idnews parameter in GeneratePDF.php, letting remote attackers execute arbitrary SQL queries, exploit requires crafted GET requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Remote attackers can execute arbitrary SQL queries, potentially leading to data disclosure or manipulation.

Mitigation

Update to the latest version of phpTransformer.

References

https://www.exploit-db.com/exploits/46191
https://www.vulncheck.com/advisories/phptransformer-sql-injection-via-generatepdf-php
http://phptransformer.com/
https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25578
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N