CVE-2019-25730
Description
Listing Hub CMS 1.0 has a SQL injection vulnerability in pages.php that allows unauthenticated attackers to extract sensitive database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Listing Hub CMS 1.0 has a SQL injection vulnerability in pages.php that allows unauthenticated attackers to extract sensitive database information.
Vulnerability
Listing Hub CMS version 1.0 contains a SQL injection vulnerability within the pages.php script. Unauthenticated attackers can exploit this by injecting malicious code into the id parameter via GET requests. This vulnerability allows for error-based SQL injection techniques to be used [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted GET requests to pages.php with malicious values in the id parameter. No authentication is required, and the attacker only needs network access to the vulnerable CMS instance [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries. This can lead to the extraction of sensitive information such as database credentials, usernames, and version information. The scope of the compromise is limited to the database accessible by the CMS application [1].
Mitigation
No patch or fixed version information is available in the provided references. Users are advised to monitor for updates from the vendor. As of the publication of this advisory, there is no known workaround [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: = 1.0
- Range: = 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.