Home / Vulnerability Intelligence / CVE-2019-25675

CVE-2019-25675 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: April 5, 2026

eDirectory - Authentication Bypass & Information Disclosure

Published: April 5, 2026Updated: April 5, 2026Remote Exploitable

Overview

eDirectory contains multiple SQL injection vulnerabilities caused by unsanitized input in login and language_file.php parameters, letting unauthenticated attackers bypass admin authentication and read arbitrary PHP files.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass admin authentication and read arbitrary PHP files, leading to full system compromise.

Mitigation

Update to the latest version with patches for SQL injection vulnerabilities.

References

https://www.edirectory.com/
https://www.exploit-db.com/exploits/46423
https://www.vulncheck.com/advisories/edirectory-all-versions-sql-injection-authentication-bypass

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25675
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N