CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-25431

HIGH
8.2
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile27.76th
Published2026年2月20日
Last Modified2026年4月15日

Vulnerability Description

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/delpino73/Blue-Smiley-Organizer
🔗 https://www.exploit-db.com/exploits/47550
🔗 https://www.vulncheck.com/advisories/delpino-blue-smiley-organizer-sql-injection-via-datetime

相關漏洞威脅

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2019-1095910.0

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...