CVE-2019-25391 HIGH

CVE-2019-25391: Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php

Vendor Ashopsoftware

Product Ashop Shopping Cart Software

Weakness CWE-89 · SQLi

Published February 22, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functions to extract sensitive database information.

Key dates

02Disclosure timeline

February 22, 2026 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25391

Related vulnerabilities

04Related CVE

CVE-2017-3181 Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query CVE-2024-8139 itsourcecode E-Commerce Website search_list.php sql injection CVE-2026-0582 itsourcecode Society Management System edit_activity_query.php sql injection CVE-2025-8922 code-projects Job Diary admin-inbox.php sql injection CVE-2025-9140 Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection