CVE-2019-25693

HIGH

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

CVSS v3.1 Score

7.1
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
Published: 4/12/2026Modified: 4/17/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2019-25693 — ResourceSpace 8.6 contains an SQL injection vulnerability that allows authentica...

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential

CVE-2019-25693
NIST NVD

References (4)

https://www.exploit-db.com/exploits/46274ExploitVDB Entryhttps://www.resourcespace.com/Producthttps://www.resourcespace.com/getProducthttps://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-phpThird Party Advisory