LeakyCreds

CVE-2019-25580 - Vulnerability Analysis

High | CVSS: 8.2

Last Updated: March 21, 2026

ownDMS - SQL Injection

Published: March 21, 2026 | Updated: March 21, 2026 | Remote Exploitable

Overview

ownDMS 4.7 contains a SQL injection vulnerability caused by an unsanitized IMG parameter in pdfstream.php, imagestream.php, and anyfilestream.php, which lets unauthenticated attackers execute arbitrary SQL queries and extract sensitive database information.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Unauthenticated attackers can execute arbitrary SQL queries to extract sensitive database information, compromising data confidentiality.

Mitigation

Update ownDMS to the latest version.
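
To check whether the three affected scripts have already been probed, web server access logs can be triaged for IMG values that carry SQL syntax. The script below is an added example, not code from ownDMS or from this advisory; it assumes combined-format access logs, a hypothetical /owndms/ install path, and a heuristic pattern of my own choosing, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts and parameter named in the advisory.
ENDPOINTS = {"pdfstream.php", "imagestream.php", "anyfilestream.php"}
PARAM = "img"

# Assumed heuristic: quotes, comment markers, statement separators or
# common SQL keywords have no place in a file/image reference.
SUSPICIOUS = re.compile(
    r"['\";]|--|/\*|\b(union|select|sleep|benchmark)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, hypothetical path).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2026:10:00:01 +0000] '
    '"GET /owndms/imagestream.php?IMG=logo.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Mar/2026:10:00:05 +0000] '
    '"GET /owndms/pdfstream.php?IMG=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 88',
    '203.0.113.9 - - [21/Mar/2026:10:00:09 +0000] '
    '"GET /owndms/anyfilestream.php?img=7%2520UNION%2520SELECT%2520NULL HTTP/1.1" 200 91',
    '203.0.113.7 - - [21/Mar/2026:10:00:12 +0000] '
    '"GET /owndms/index.php?IMG=1%27 HTTP/1.1" 200 300',
]

def flag_requests(log_lines):
    """Return (client, path, decoded IMG value) for suspicious requests."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rsplit("/", 1)[-1].lower() not in ENDPOINTS:
            continue
        # parse_qs percent-decodes once; parameter name compared case-insensitively.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() != PARAM:
                continue
            for value in values:
                decoded = unquote(value)  # second pass catches double encoding
                if SUSPICIOUS.search(decoded):
                    hits.append((line.split()[0], url.path, decoded))
    return hits

if __name__ == "__main__":
    for client, path, value in flag_requests(SAMPLE_LOG):
        print(f"{client} {path} IMG={value!r}")
```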

Details

CVE ID: CVE-2019-25580
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N