CVE-2019-25693

7.1 HIGH

Published: April 12, 2026 Modified: April 13, 2026

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.exploit-db.com/exploits/46274

Source: disclosure@vulncheck.com

https://www.resourcespace.com/

Source: disclosure@vulncheck.com

https://www.resourcespace.com/get

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php

Source: disclosure@vulncheck.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.1 / 10.0

EPSS (Exploit Probability)

0.0%

2th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352

Related CVEs

CVE-2026-34626 6.3

CVE-2026-34622 8.6

CVE-2026-27291 7.8

CVE-2026-27286 5.5

CVE-2026-27285 5.5