CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensitive database information or manipulate queries.
Configurations

Configuration 1

cpe:2.3:a:codnloc:phptransformer:2016.9:*:*:*:*:*:*:*

History

26 Mar 2026, 17:16

Type Values Removed Values Added
Summary
  • (es) phpTransformer 2016.9 contiene una vulnerabilidad de inyección SQL que permite a atacantes remotos ejecutar consultas SQL arbitrarias mediante la inyección de código malicioso a través del parámetro idnews. Los atacantes pueden enviar solicitudes GET manipuladas a GeneratePDF.php con cargas útiles SQL en el parámetro idnews para extraer información sensible de la base de datos o manipular consultas.
CWE CWE-22

23 Mar 2026, 17:05

Type Values Removed Values Added
CPE cpe:2.3:a:codnloc:phptransformer:2016.9:*:*:*:*:*:*:*
First Time Codnloc phptransformer
Codnloc
References () http://phptransformer.com/ - () http://phptransformer.com/ - Product
References () https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip - () https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip - Broken Link
References () https://www.exploit-db.com/exploits/46191 - () https://www.exploit-db.com/exploits/46191 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/phptransformer-sql-injection-via-generatepdf-php - () https://www.vulncheck.com/advisories/phptransformer-sql-injection-via-generatepdf-php - Third Party Advisory
CWE CWE-89

21 Mar 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-21 16:16

Updated : 2026-03-26 17:16


NVD link : CVE-2019-25578

Mitre link : CVE-2019-25578

CVE.ORG link : CVE-2019-25578



Products Affected

codnloc

  • phptransformer
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')