Home / Vulnerability Intelligence / CVE-2019-25680

CVE-2019-25680 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: April 5, 2026

Advance Gift Shop Pro Script - SQL Injection

Published: April 5, 2026Updated: April 5, 2026Remote Exploitable

Overview

Advance Gift Shop Pro Script 2.0.3 contains an sql injection caused by improper sanitization of the 's' search parameter, letting unauthenticated attackers execute arbitrary SQL queries and extract sensitive data.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can execute arbitrary SQL queries to extract sensitive database information.

Mitigation

Update to the latest version of Advance Gift Shop Pro Script.

References

http://www.phpscriptsmall.com/
https://www.exploit-db.com/exploits/46457
https://www.vulncheck.com/advisories/advance-gift-shop-pro-script-sql-injection-via-search

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25680
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N