CVE-2019-25680 HIGH

CVE-2019-25680: Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Vendor Phpscriptsmall

Product Advance Gift Shop Pro Script

Weakness CWE-89 · SQLi

Published April 5, 2026

Last update April 6, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.

Key dates

02Disclosure timeline

April 5, 2026 CVE published

April 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25680 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2019-25680: Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

01Description

02Disclosure timeline

03References

04Related CVE