High severity8.2NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026

CVE-2019-25732

Description

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information including usernames, passwords, and version details.

Affected products

EI Tube Script/EI-Tube Scriptllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912nvd
www.exploit-db.com/exploits/46440nvd
www.vulncheck.com/advisories/php-ei-tube-script-3-sql-injection-via-search-parameternvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000