CVE-2019-25709 - Vulnerability Analysis
Severity: Critical | CVSS: 9.8 | Last Updated: April 12, 2026
CF Image Hosting Script - Information Disclosure & Data Tampering
Published: April 12, 2026 | Updated: April 12, 2026 | Remote Exploitable
Overview
CF Image Hosting Script 1.6.5 contains an information disclosure vulnerability: the imgdb.db file in the upload/data directory is accessible without authentication, so attackers can download and decode the database. Exploitation requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can download and decode the database, extract delete IDs, and delete all pictures.
Mitigation
Update to the latest version or apply patches to restrict access to the database file.
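One way to restrict access to the database file, shown as an added example that is not taken from the advisory or the project. It assumes the script is served by Apache with AllowOverride enabled and that the rules are saved as upload/data/.htaccess.

```apache
# upload/data/.htaccess
# Added example (assumption: Apache with AllowOverride enabled for this directory).
# Blocks direct HTTP requests for the flat-file database named in the advisory.

<Files "imgdb.db">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

The rule only affects HTTP requests, so the application can still read the file from disk. After applying it, a direct request for upload/data/imgdb.db should return 403 instead of the file.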
Details
- CVE ID: CVE-2019-25709
- Severity: Critical
- CVSS Score: 9.8
- Status: new
CWE
- CWE-552
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H