Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Placeto CMS Alpha rv.4: Malicious Database Access Through Admin Panel
CVE-2019-25529
Summary
The Placeto CMS Alpha version 4 has a security flaw that lets attackers who are logged in to the admin panel access sensitive database information. This can happen when an attacker sends a specific type of request to the admin panel. To fix this, update to a patched version of Placeto CMS as soon as possible.
Original title
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can s...
Original description
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.
nvd CVSS3.1
7.1
nvd CVSS4.0
7.1
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026