CVE-2019-25693

HIGH

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.

CVSS v3.1 Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Published: 4/12/2026Modified: 4/17/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (4)

https://www.exploit-db.com/exploits/46274ExploitVDB Entry https://www.resourcespace.com/Product https://www.resourcespace.com/getProduct https://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-phpThird Party Advisory