High severity7.1NVD Advisory· Published Apr 12, 2026· Updated Apr 17, 2026
CVE-2019-25713
CVE-2019-25713
Description
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:myt_project:myt:1.5.1:*:*:*:*:*:*:*
- Range: =1.5.1
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/46084nvdExploitVDB Entry
- www.vulncheck.com/advisories/myt-pm-sql-injection-via-charge-group-total-parameternvdThird Party Advisory
- manageyourteam.netnvdBroken Link
- sourceforge.net/projects/myt/nvdProduct
News mentions
0No linked articles in our index yet.