CVE-2019-25713 — HIGH (7.1)

Vulnerability Description

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Myt Project	Myt	1.5.1

Related Weaknesses (CWE)

CWE-89

References

https://manageyourteam.net/Broken Link
https://sourceforge.net/projects/myt/Product
https://www.exploit-db.com/exploits/46084ExploitVDB Entry
https://www.vulncheck.com/advisories/myt-pm-sql-injection-via-charge-group-totalThird Party Advisory

FAQ

What is CVE-2019-25713?

CVE-2019-25713 is a vulnerability with a CVSS score of 7.1 (HIGH). MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attacke...

How severe is CVE-2019-25713?

CVE-2019-25713 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25713?

Check the references section above for vendor advisories and patch information. Affected products include: Myt Project Myt.