Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
202CMS v10 beta: Unauthenticated SQL Injection Risk
CVE-2019-25538
Summary
If you use 202CMS v10 beta, an attacker can access and modify sensitive database information without a password. This is a serious risk because it allows unauthorized access to your database. Update to a patched version of 202CMS as soon as possible to prevent this risk.
Original title
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send...
Original description
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026