CVE-2019-25529 HIGH

CVE-2019-25529: Placeto CMS Alpha rv.4 SQL Injection via page Parameter

Vendor Sourceforge
Product Placeto CMS
Weakness CWE-89 · SQLi
Published March 12, 2026
Last update March 12, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-11244 code-projects Farmacia editar-cliente.php sql injection CVE-2023-5587 SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection CVE-2024-32098 WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability CVE-2023-35720 ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability CVE-2025-6489 itsourcecode Agri-Trading Online Shopping System transactionsave.php sql injection