CVE-2019-25676 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: April 5, 2026
Ask Expert Script - SQL Injection & Stored XSS
Published: April 5, 2026 | Updated: April 5, 2026 | Remote Exploitable
Overview
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities caused by unsanitized URL parameters in categorysearch.php and list-details.php, letting unauthenticated attackers execute arbitrary code or extract database information.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary scripts or extract database information, leading to data theft or site compromise.
Mitigation
Update to the latest version of Ask Expert Script that addresses these vulnerabilities.
Details
- CVE ID: CVE-2019-25676
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N