Home / Vulnerability Intelligence / CVE-2019-25640

CVE-2019-25640 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 24, 2026

Inout Article Base CMS - SQL Injection

Published: March 24, 2026Updated: March 24, 2026Remote Exploitable

Overview

Inout Article Base CMS contains SQL injection vulnerabilities caused by unsanitized 'p' and 'u' parameters in portalLogin.php, letting unauthenticated attackers extract sensitive data or cause denial of service via time-based attacks.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information or cause denial of service, impacting data confidentiality and availability.

Mitigation

Update to the latest version of Inout Article Base CMS.

References

https://www.exploit-db.com/exploits/46593
https://www.inoutscripts.com/products/inout-article-base/
https://www.vulncheck.com/advisories/inout-article-base-cms-lastest-sql-injection-via-portallogin-php

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25640
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N