Home / Vulnerability Intelligence / CVE-2019-25669

CVE-2019-25669 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: April 5, 2026

qdPM - SQL Injection

Published: April 5, 2026Updated: April 5, 2026Remote Exploitable

Overview

qdPM 9.1 contains an sql injection caused by unsanitized input in the search_by_extrafields[] parameter in the users endpoint, letting attackers manipulate database queries and extract information, exploit requires crafted POST requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Attackers can manipulate database queries to extract sensitive information or cause errors.

Mitigation

Update to the latest version.

References

http://qdpm.net
http://qdpm.net/download-qdpm-free-project-management
https://www.exploit-db.com/exploits/46387
https://www.vulncheck.com/advisories/qdpm-sql-injection-via-search-by-extrafields-parameter

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25669
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N