CVE-2019-25693

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published Apr 12, 2026

Vendor unknown

Description

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

References

https://www.exploit-db.com/exploits/46274
https://www.resourcespace.com/
https://www.resourcespace.com/get
https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php