{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25675/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2019-25675"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["sqli","edirectory","cve-2019-25675"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2019-25675 describes multiple SQL injection vulnerabilities affecting eDirectory. An unauthenticated attacker can exploit these vulnerabilities to bypass administrator authentication and disclose sensitive files. The vulnerability lies in the \u003ccode\u003ekey\u003c/code\u003e parameter of the login endpoint. By injecting SQL code, specifically a UNION-based SQL injection, an attacker can authenticate as an administrator. After successful authentication, the attacker can then exploit file disclosure vulnerabilities in the \u003ccode\u003elanguage_file.php\u003c/code\u003e script to read arbitrary PHP files from the server, potentially exposing sensitive configuration data or credentials. This vulnerability poses a significant risk as it allows unauthorized access and data exfiltration without requiring any prior authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a crafted HTTP request to the login endpoint of eDirectory.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003ekey\u003c/code\u003e parameter within the request, using a UNION-based SQL injection technique.\u003c/li\u003e\n\u003cli\u003eThe eDirectory server improperly processes the SQL injection, allowing the attacker to bypass authentication and gain administrator privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker, now authenticated as an administrator, sends a request to the \u003ccode\u003elanguage_file.php\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits a file disclosure vulnerability in the \u003ccode\u003elanguage_file.php\u003c/code\u003e script by manipulating input parameters.\u003c/li\u003e\n\u003cli\u003eThe server, due to the vulnerability, reads the arbitrary PHP file specified by the attacker.\u003c/li\u003e\n\u003cli\u003eThe server returns the contents of the requested PHP file to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the disclosed PHP file, potentially revealing sensitive information such as database credentials or configuration details.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2019-25675 allows unauthenticated attackers to gain complete control over the affected eDirectory instance. This can lead to the exfiltration of sensitive data, including user credentials and configuration information. While the specific number of victims is not stated, the potential impact is high considering the widespread use of eDirectory in various sectors. A successful attack could compromise the confidentiality and integrity of critical systems and data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates for eDirectory to address the SQL injection vulnerabilities described in CVE-2019-25675.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect eDirectory language_file.php File Disclosure\u003c/code\u003e to detect attempts to exploit the file disclosure vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect eDirectory SQL Injection Attempt\u003c/code\u003e to detect SQL injection attempts against the login endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to the login endpoint (\u003ccode\u003e/login\u003c/code\u003e) and \u003ccode\u003elanguage_file.php\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:45Z","date_published":"2026-04-05T21:16:45Z","id":"/briefs/2026-04-edirectory-sqli/","summary":"Unauthenticated attackers can exploit SQL injection vulnerabilities in eDirectory (CVE-2019-25675) to bypass administrator authentication and disclose sensitive files.","title":"eDirectory SQL Injection Vulnerability (CVE-2019-25675)","url":"https://feed.craftedsignal.io/briefs/2026-04-edirectory-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25675","version":"https://jsonfeed.org/version/1.1"}