High severity8.2NVD Advisory· Published Apr 5, 2026· Updated Apr 20, 2026

CVE-2019-25676

Description

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information.

Affected products

Phpscriptsmall/Ask Expert Script
cpe:2.3:a:phpscriptsmall:ask_expert_script:3.0.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46426nvdExploitVDB Entry
www.vulncheck.com/advisories/ask-expert-script-cross-site-scripting-sql-injectionnvdThird Party Advisory
www.phpscriptsmall.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000