CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25431

HIGH
8.2
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile27.76th
PublishedFeb 20, 2026
Last ModifiedApr 15, 2026

Vulnerability Description

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/delpino73/Blue-Smiley-Organizer
🔗 https://www.exploit-db.com/exploits/47550
🔗 https://www.vulncheck.com/advisories/delpino-blue-smiley-organizer-sql-injection-via-datetime

Related Vulnerabilities

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-1981010.0

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote un...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...