{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25662/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2019-25662"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","cve-2019-25662","resourcespace"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eResourceSpace 8.6 is susceptible to a high-severity SQL injection vulnerability (CVE-2019-25662, CVSS 8.2) that allows unauthenticated attackers to execute arbitrary SQL queries. The vulnerability is located within the \u003ccode\u003ewatched_searches.php\u003c/code\u003e endpoint and is triggered through the \u003ccode\u003eref\u003c/code\u003e parameter in GET requests. By injecting SQL into this parameter, an attacker interacts directly with the database without holding any account, potentially extracting sensitive information such as usernames and credential hashes. Because no prior authentication is required, exploitation is straightforward for remote attackers. ResourceSpace is an open-source digital asset management (DAM) system, so a compromised database may also expose the assets and metadata it manages. Successful exploitation of this vulnerability can lead to compromise of the entire system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a ResourceSpace 8.6 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a SQL injection payload designed to extract data or manipulate the database, to be delivered in the \u003ccode\u003eref\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a GET request to the \u003ccode\u003e/watched_searches.php\u003c/code\u003e endpoint with the payload in the \u003ccode\u003eref\u003c/code\u003e parameter (e.g., \u003ccode\u003ewatched_searches.php?ref=SQL_injection_payload\u003c/code\u003e), typically URL-encoded.\u003c/li\u003e\n\u003cli\u003eThe ResourceSpace application places the attacker-supplied value into a SQL statement without validation or parameterisation.\u003c/li\u003e\n\u003cli\u003eThe resulting query, now containing the attacker\u0026rsquo;s SQL, is executed against the underlying database.\u003c/li\u003e\n\u003cli\u003eThe database server processes the query and returns the results to the ResourceSpace application.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s response reflects the query result, either directly in the page or, for a blind injection, as a detectable difference in content or timing; the exposed data may include usernames, password hashes, or other confidential records.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the extracted data from the application\u0026rsquo;s response.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of the SQL injection vulnerability in ResourceSpace 8.6 can lead to the complete compromise of the affected system. Attackers can read the application database, and potentially modify it, gaining access to user credentials, asset metadata, and other proprietary data. Given the nature of digital asset management systems, the compromised data might include valuable intellectual property or personally identifiable information (PII), potentially affecting a large number of individuals and exposing the operator to financial, reputational, and legal consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a ResourceSpace release that the vendor lists as remediating CVE-2019-25662; 8.6 is affected.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect ResourceSpace SQL Injection Attempt\u003c/code\u003e to monitor for exploitation attempts against the \u003ccode\u003e/watched_searches.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eIf the fix cannot be applied immediately, bind the \u003ccode\u003eref\u003c/code\u003e value in \u003ccode\u003ewatched_searches.php\u003c/code\u003e as a query parameter rather than concatenating it into SQL, and reject values that do not match the expected format for a reference; validating against an allow-list is more robust than filtering SQL keywords.\u003c/li\u003e\n\u003cli\u003eEnable web server logging and monitor GET requests to \u003ccode\u003ewatched_searches.php\u003c/code\u003e whose \u003ccode\u003eref\u003c/code\u003e value contains quotes, comment sequences, or SQL keywords; decode percent-encoding before matching, since payloads are usually encoded, and treat keyword hits as leads to investigate rather than confirmed exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:43Z","date_published":"2026-04-05T21:16:43Z","id":"/briefs/2026-04-resourcespace-sqli/","summary":"ResourceSpace 8.6 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries via the 'ref' parameter in GET requests to the watched_searches.php endpoint, leading to sensitive data extraction.","title":"ResourceSpace 8.6 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-resourcespace-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2019-25662","version":"https://jsonfeed.org/version/1.1"}
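A worked detection example for the logging recommendation in the brief above, added by the editor; it is not code from the CraftedSignal feed or from the ResourceSpace project. It parses constructed Apache/nginx combined-format access log lines, scopes to requests for `watched_searches.php`, normalises the `ref` value (repeated percent-decoding to catch double encoding, inline-comment stripping, case folding) so that encoded payloads are not missed, and flags any value that is not a plain numeric reference. The numeric allow-list for `ref` is an assumption about the parameter's legitimate format that the advisory does not state, the indicator list is illustrative, and the sample log is constructed.

```python
"""Flag CVE-2019-25662 exploitation attempts against ResourceSpace's
watched_searches.php in web-server access logs.

Added example for this brief; not code from CraftedSignal or ResourceSpace.
Assumptions (not stated by the advisory): logs are in Apache/nginx combined
format, and a legitimate `ref` value is a plain decimal reference number.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Hypothetical allow-list: what a benign `ref` is assumed to look like.
REF_ALLOWED = re.compile(r"\d{1,10}")

# Illustrative indicators, matched against the normalised (decoded,
# comment-stripped, lower-cased) value so encoding tricks do not hide them.
SQL_INDICATORS = (
    "union select", "select ", "sleep(", "benchmark(", "information_schema",
    "load_file(", "into outfile", "or 1=1", "and 1=1", "--", "#", "'", '"',
)


def normalise(value: str, max_rounds: int = 3) -> str:
    """Undo the evasions an attacker can apply to a query-string value:
    repeated percent-decoding (double encoding), '+' as space, inline
    /* */ comments used to break up keywords, mixed case, extra whitespace."""
    decoded = value
    for _ in range(max_rounds):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    decoded = decoded.replace("+", " ")
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).strip().lower()


def analyse_line(line: str):
    """Return a finding dict for a suspicious request to watched_searches.php,
    or None for unparsable lines, other endpoints, and benign-looking refs."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/watched_searches.php"):
        return None
    # parse_qs decodes one layer of percent-encoding; normalise() handles the rest.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("ref", []):
        norm = normalise(raw)
        if norm == "" or REF_ALLOWED.fullmatch(norm):
            continue
        reasons = ["ref is not a numeric reference"]
        reasons += [f"contains {ind!r}" for ind in SQL_INDICATORS if ind in norm]
        return {
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "status": m.group("status"),
            "ref": norm,
            "reasons": reasons,
        }
    return None


def scan_log(lines):
    """Run analyse_line over an iterable of log lines and collect findings."""
    return [f for f in (analyse_line(line) for line in lines) if f]


# Constructed sample log: one benign watched_searches request, one request to
# another endpoint that merely contains the word "select", and three attempts
# (URL-encoded UNION, double-encoded time-based blind, comment-obfuscated).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Apr/2026:21:10:01 +0000] "GET /watched_searches.php?ref=1234 HTTP/1.1" 200 512
203.0.113.7 - - [05/Apr/2026:21:10:02 +0000] "GET /pages/search.php?search=select+images HTTP/1.1" 200 9120
198.51.100.23 - - [05/Apr/2026:21:11:45 +0000] "GET /watched_searches.php?ref=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 200 2048
198.51.100.23 - - [05/Apr/2026:21:11:49 +0000] "GET /watched_searches.php?ref=1%2527%2520AND%2520SLEEP(5)--%2520 HTTP/1.1" 500 0
198.51.100.23 - - [05/Apr/2026:21:11:53 +0000] "GET /watched_searches.php?ref=1/**/UNION/**/SELECT/**/1,2,3 HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{finding['ts']} {finding['ip']} status={finding['status']} "
              f"ref={finding['ref']!r}: {', '.join(finding['reasons'])}")
```

Run it against a real access log by replacing `SAMPLE_LOG.splitlines()` with the file's lines. The allow-list check does the real work: a non-numeric `ref` is flagged even when no keyword matches, so the indicator list only annotates the finding, and a request with a 500 status (the second attacker line) is worth correlating with application error logs, since a database error on a probe is a common sign that the injection point is live.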