High severity7.5NVD Advisory· Published Feb 26, 2020· Updated Jun 17, 2026
CVE-2019-19986
CVE-2019-19986
Description
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Selesta/Visual Access Managerdescription
- Range: 4.15.0 - 4.29
Patches
Vulnerability mechanics
References
3- www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.htmlnvdExploitThird Party Advisory
- www.seling.it/product/vam/nvdProductVendor Advisory
- www.seling.itnvdProduct
News mentions
0No linked articles in our index yet.