Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
NoviSmart CMS Allows Malicious Requests to Access Database
CVE-2019-25439
Summary
The NoviSmart CMS has a security weakness that lets hackers access sensitive information or crash the system by sending specially crafted requests. This means that attackers can potentially steal sensitive data or disrupt your website. To protect your site, update NoviSmart CMS to the latest version or apply a patch, and make sure to monitor your website for any suspicious activity.
Original title
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can ...
Original description
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive database information or cause denial of service.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026