8.8

XOOPS CMS 2.5.9: Unauthorized access to sensitive database info

CVE-2019-25433
Summary

XOOPS CMS version 2.5.9 has an SQL injection weakness that lets unauthenticated attackers read sensitive information from the site's database. No password or login is needed, so any confidential data held in that database is exposed. To protect your site, update to the latest version of XOOPS CMS.

Original title
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET ...
Original description
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database information.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026