8.8
Inventory Webapp SQL Injection: Unauthenticated Data Manipulation
CVE-2019-25443
Summary
The Inventory Webapp is vulnerable to SQL injection, which allows anyone to access and manipulate data without a login. This could lead to sensitive information being compromised or incorrect data being added to the system. Update the affected software as soon as possible to prevent unauthorized access.
Original title
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply mali...
Original description
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat_id parameters to add-item.php to execute arbitrary database commands.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type: CWE-89 (SQL Injection)
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
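As a mitigation sketch for the flaw described above, the following added example (not code from Inventory Webapp or from this advisory) validates the four named parameters and inserts them with bound placeholders. The `items` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Added example. The items table and its columns are assumptions: the
// advisory names only the four request parameters, not the schema.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT,
                description TEXT, quantity INTEGER, cat_id INTEGER)');
    return $pdo;
}

// Validate the request parameters, then bind them as data so their
// content is never parsed as SQL.
function add_item(PDO $pdo, array $p): int
{
    $name = $p['name'] ?? null;
    $desc = $p['description'] ?? '';
    $int  = fn($v, int $min) => filter_var($v, FILTER_VALIDATE_INT,
                                           ['options' => ['min_range' => $min]]);
    $qty  = $int($p['quantity'] ?? null, 0);
    $cat  = $int($p['cat_id'] ?? null, 1);
    if (!is_string($name) || $name === '' || strlen($name) > 255
        || !is_string($desc) || $qty === false || $cat === false) {
        throw new InvalidArgumentException('invalid item parameters');
    }
    $stmt = $pdo->prepare('INSERT INTO items (name, description, quantity, cat_id)
                           VALUES (:name, :description, :quantity, :cat_id)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':description', $desc, PDO::PARAM_STR);
    $stmt->bindValue(':quantity', $qty, PDO::PARAM_INT);
    $stmt->bindValue(':cat_id', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed sample requests (not taken from the advisory).
$pdo = open_db();
$samples = [
    ['name' => "O'Neil 24\" monitor", 'description' => 'quote test', 'quantity' => '3', 'cat_id' => '2'],
    ['name' => 'widget', 'description' => '', 'quantity' => '5 OR 1=1', 'cat_id' => '2'],
];
foreach ($samples as $s) {
    try {
        echo 'stored as id ', add_item($pdo, $s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Bound parameters address the CWE-89 injection only; the unauthenticated access noted in the description needs a separate session check in front of the handler.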