8.8

202CMS v10 beta: Unauthenticated Database Data Exposure

CVE-2019-25539
Summary

An unauthenticated attacker can read sensitive information from your 202CMS database by sending crafted POST requests to index.php that inject SQL through the log_user parameter. This is a serious issue that needs to be fixed as soon as possible. Update 202CMS to the latest version or patch the vulnerability to prevent unauthorized access to your database.

Original title
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can...
Original description
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026