CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-25431

HIGH
8.2
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile27.76th
Published2026年2月20日
Last Modified2026年4月15日

Vulnerability Description

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/delpino73/Blue-Smiley-Organizer
🔗 https://www.exploit-db.com/exploits/47550
🔗 https://www.vulncheck.com/advisories/delpino-blue-smiley-organizer-sql-injection-via-datetime

関連する脆弱性情報

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....