CVE-2019-25726
Description
SQL injection in All in One Video Downloader 1.2 allows unauthenticated attackers to extract sensitive database information via the id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in All in One Video Downloader 1.2 allows unauthenticated attackers to extract sensitive database information via the id parameter.
Vulnerability
All in One Video Downloader version 1.2 contains an SQL injection vulnerability. This flaw exists in the id parameter, which can be manipulated by attackers to inject malicious SQL code. The vulnerability is reachable through the admin interface [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending crafted requests to the admin interface. By injecting UNION-based SQL injection payloads into the id parameter, an attacker can execute arbitrary SQL queries [1].
Impact
Successful exploitation allows an attacker to extract sensitive database information. This includes details such as usernames, database names, and version information. The scope of the compromise is limited to the data accessible via the SQL injection [1].
Mitigation
No specific patch or fixed version has been disclosed in the available references. Users are advised to consult the vendor for potential updates or workarounds. This vulnerability has not been listed on the KEV catalog as of the current date [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: =1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.