CMSsite 1.0 SQL Injection via category.php

Description

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.

Affected Products

Vendor	Product	Versions
victoralagwu	cmssite	1.0

References

https://www.exploit-db.com/exploits/46259(exploit)
https://github.com/VictorAlagwu/CMSsite/archive/master.zip(product)
https://www.vulncheck.com/advisories/cmssite-sql-injection-via-category-php(third-party-advisory)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2019-25697 | VictorAlagwu CMSsite 1.0 GET Request category.php cat_id sql injection (Exploit 46259 / EDB-46259)

→ No new info (linked only)

CVSS 3.18.2 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

PublishedApr 12, 2026

Last enriched2h agov2

Trending Score51

Source articles2

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited with an exploit available.

severityexploitAvailableactivelyExploited

via VulDB

v13h ago

Initial creation

CMSsite 1.0 SQL Injection via category.php

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History