CVE-2019-25707 HIGH

CVE-2019-25707: eBrigade ERP 4.5 SQL Injection via pdf.php

Vendor Ebrigade

Product eBrigade ERP

Weakness CWE-89 · SQLi

Published April 12, 2026

Last update April 13, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.

Key dates

Disclosure timeline

April 12, 2026 CVE published

April 13, 2026 Record updated