High severity · 7.1 · NVD Advisory · Published Apr 12, 2026 · Updated Apr 17, 2026
CVE-2019-25703
Description
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.
Affected products
- cpe:2.3:a:impresscms:impresscms:1.3.11:*:*:*:*:*:*:*
- (no CPE) range: =1.3.11
References
- www.exploit-db.com/exploits/46239 (nvd; Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com/advisories/impresscms-sql-injection-via-bid-parameter (nvd; Third Party Advisory)
- www.impresscms.org (nvd; Product)
- sourceforge.net/projects/impresscms/files/v1.3.11/impresscms_1.3.11.zip (nvd; Product)