SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
PUBLISHED5.2CWE-89
SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
Problem type
Affected products
Sourceforge
SimplePress CMS
1.0.7 - AFFECTED
References
ExploitDB-46235
https://www.exploit-db.com/exploits/46235
Official Product Homepage
https://sourceforge.net/projects/simplepresscms/
Product Reference
https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip
VulnCheck Advisory: SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25575Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25575",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-03-21T15:30:33.799Z",
"dateReserved": "2026-03-21T15:23:49.617Z",
"datePublished": "2026-03-21T15:30:33.799Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-03-21T15:30:33.799Z"
},
"title": "SimplePress CMS 1.0.7 SQL Injection via p and s Parameters",
"descriptions": [
{
"lang": "en",
"value": "SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details."
}
],
"affected": [
{
"vendor": "Sourceforge",
"product": "SimplePress CMS",
"versions": [
{
"version": "1.0.7",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46235",
"name": "ExploitDB-46235",
"tags": [
"exploit"
]
},
{
"url": "https://sourceforge.net/projects/simplepresscms/",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7_alpha.zip",
"name": "Product Reference",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/simplepress-cms-sql-injection-via-p-and-s-parameters",
"name": "VulnCheck Advisory: SimplePress CMS 1.0.7 SQL Injection via p and s Parameters",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan",
"type": "finder"
}
]
}
}
}