High severity8.8NVD Advisory· Published Feb 10, 2020· Updated Jun 17, 2026
CVE-2019-20059
CVE-2019-20059
Description
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MFScripts/YetiSharedescription
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.