VYPR
High severity8.2NVD Advisory· Published Mar 21, 2026· Updated Apr 15, 2026

CVE-2019-25575

CVE-2019-25575

Description

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:simplepresscms:simplepress_cms:*:*:*:*:*:*:*:*range: <=1.0.7
    • (no CPE)range: =1.0.7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.