CVE-2019-25159 MEDIUM

CVE-2019-25159: mpedraza2020 Intranet del Monterroso cargos.php sql injection

Vendor Mpedraza2020
Product Intranet del Monterroso
Weakness CWE-89 · SQLi
Published February 4, 2024
Last update May 15, 2025
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability.

Key dates

02Disclosure timeline

February 4, 2024 CVE published
May 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11409 Campcodes Advanced Online Voting Management System index.php sql injection CVE-2025-43022 Poly Clariti Manager - Multiple Security Vulnerabilities CVE-2024-10139 code-projects Pharmacy Management System add_new_supplier.php sql injection CVE-2025-1381 code-projects Real Estate Property Management System ajax_city.php sql injection CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter