CVE-2019-25539

HighPublic PoC

Published: 12 March 2026

Published

12 March 2026

Modified

16 March 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0024 46.3th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-25539 is a high-severity SQL Injection (CWE-89) vulnerability in Konradpl99 202Cms. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents blind SQL injection by requiring validation of the log_user parameter in POST requests to block malicious SQL payloads.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation of the specific SQL injection flaw in 202CMS v10 beta to eliminate the vulnerability.

RA-5 Vulnerability Monitoring and Scanning good match

preventdetect

Enables vulnerability scanning to identify and remediate SQL injection flaws like CVE-2019-25539 before exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1212 Exploitation for Credential Access Credential Access

Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

Blind SQLi in public-facing CMS enables exploitation of public app (T1190), credential extraction from DB (T1212), and data collection from databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection…

techniques to extract sensitive database information.

Deeper analysisAI

CVE-2019-25539 is a blind SQL injection vulnerability in 202CMS v10 beta, stemming from CWE-89. The flaw resides in the log_user parameter, enabling attackers to inject malicious SQL code into database queries processed via POST requests to index.php. This affects the content management system's backend database handling, with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact, low integrity impact, and no availability disruption.

Unauthenticated remote attackers can exploit this vulnerability by crafting POST requests to index.php with time-based blind SQL injection payloads. Successful exploitation allows extraction of sensitive database information, such as user credentials or configuration data, through inference techniques that measure query response times without direct output.

Advisories and related resources include the project page at https://sourceforge.net/projects/b202cms/, a public exploit at https://www.exploit-db.com/exploits/46579, and a detailed advisory from VulnCheck at https://www.vulncheck.com/advisories/202cms-v10-beta-sql-injection-via-register-php. No patches or specific mitigation steps are detailed in the CVE description.