{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25529", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-12T14:23:10.666Z", "datePublished": "2026-03-12T15:37:00.375Z", "dateUpdated": "2026-03-12T16:40:52.010Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:37:00.375Z"}, "datePublic": "2019-03-21T00:00:00.000Z", "title": "Placeto CMS Alpha rv.4 SQL Injection via page Parameter", "descriptions": [{"lang": "en", "value": "Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Sourceforge", "product": "Placeto CMS", "versions": [{"version": "0.4a", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46588", "name": "ExploitDB-46588", "tags": ["exploit"]}, {"url": "https://sourceforge.net/projects/placeto/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Placeto CMS Alpha rv.4 SQL Injection via page Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/placeto-cms-alpha-rv-4-sql-injection-via-page-parameter"}], "credits": [{"lang": "en", "value": "Abdullah \u00c7elebi", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T16:40:38.068424Z", "id": "CVE-2019-25529", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:40:52.010Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25529", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T16:40:38.068424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:40:47.565Z"}}], "cna": {"title": "Placeto CMS Alpha rv.4 SQL Injection via page Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Abdullah \u00c7elebi"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Sourceforge", "product": "Placeto CMS", "versions": [{"status": "affected", "version": "0.4a"}]}], "datePublic": "2019-03-21T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46588", "name": "ExploitDB-46588", "tags": ["exploit"]}, {"url": "https://sourceforge.net/projects/placeto/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/placeto-cms-alpha-rv-4-sql-injection-via-page-parameter", "name": "VulnCheck Advisory: Placeto CMS Alpha rv.4 SQL Injection via page Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-12T15:37:00.375Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25529", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:40:52.010Z", "dateReserved": "2026-03-12T14:23:10.666Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-12T15:37:00.375Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information."}, {"lang": "es", "value": "Placeto CMS Alpha rv.4 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a atacantes autenticados manipular consultas de base de datos inyectando c\u00f3digo SQL a trav\u00e9s del par\u00e1metro 'page'. Los atacantes pueden enviar solicitudes GET al endpoint admin/edit.php con valores 'page' maliciosos utilizando t\u00e9cnicas de ciego basado en booleanos, ciego basado en tiempo o basado en uniones para extraer informaci\u00f3n sensible de la base de datos."}], "id": "CVE-2019-25529", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-12T16:16:06.630", "references": [{"source": "disclosure@vulncheck.com", "url": "https://sourceforge.net/projects/placeto/"}, {"source": "disclosure@vulncheck.com", "url": "https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46588"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/placeto-cms-alpha-rv-4-sql-injection-via-page-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.4a"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Placeto CMS", "source": "cna", "vendor": "Sourceforge"}, "product": "placeto_cms", "vendor": "sourceforge"}], "analysis": {"en": {"generated_at": "2026-03-18T14:40:19.499465+00:00", "value": {"mitigation_remediation": ["Upgrade Placeto CMS to the latest release that addresses the SQL injection flaw. If a patch is not immediately available, restrict access to the /admin/edit.php endpoint to a limited set of trusted administrators. Apply input validation or sanitization to the 'page' parameter to block SQL injection patterns. Monitor web server and database logs for suspicious query activity and review access controls regularly."], "summary": {"action": "Immediate Patch", "impact": "Data Disclosure via SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected vendor is Sourceforge:Placeto CMS, specifically the Placeto CMS Alpha rv.4 release. No additional patch versions are provided in the data, but the vulnerability applies to all installations of this version running the admin/edit.php endpoint.", "description_and_impact": "Placeto CMS Alpha rv.4 contains an SQL injection flaw that allows authenticated users to manipulate database queries by injecting SQL code through the 'page' parameter on the admin/edit.php endpoint. The vulnerability can be exploited via boolean\u2011based blind, time\u2011based blind, or UNION\u2011based techniques to extract sensitive database information. With a CVSS score of 7.1, the impact is classified as significant data exposure and potential unauthorized data manipulation.", "risk_and_exploitability": "The attack vector is web\u2011based and requires the attacker to be authenticated to the administrative interface. Exploitation conditions include sending crafted GET requests with malicious 'page' values, which can reveal database contents through inferred query results. The EPSS score is less than 1% and the vulnerability is not listed in the KEV catalog, indicating a low current exploitation probability, yet the moderate severity CVSS score warrants timely remediation."}}}}, "created": "2026-03-13T09:51:34.555155+00:00", "updated": "2026-03-20T15:49:15.814848+00:00", "vendors": ["sourceforge", "sourceforge$PRODUCT$placeto_cms"]}