CVE-2019-25693 HIGH

CVE-2019-25693: ResourceSpace 8.6 SQL Injection via collection_edit.php

Vendor Resourcespace

Product ResourceSpace

Weakness CWE-352 · CSRF

Published April 12, 2026

Last update April 13, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

Key dates

Disclosure timeline

April 12, 2026 CVE published

April 13, 2026 Record updated