CVE-2019-25703

Source
https://cve.org/CVERecord?id=CVE-2019-25703
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25703.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25703
Published
2026-04-12T13:16:33.113Z
Modified
2026-07-08T19:50:44.968745Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.

References

Affected packages

Git / github.com/impresscms/impresscms

Affected ranges

Type
GIT
Repo
https://github.com/impresscms/impresscms
Events
Database specific
{
    "cpe": "cpe:2.3:a:impresscms:impresscms:1.3.11:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "1.3.11"
        },
        {
            "last_affected": "1.3.11"
        }
    ]
}

Affected versions

1.*
1.3.11
v1.*
v1.3.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25703.json"