{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25703/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2019-25703"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","impresscms","cve-2019-25703"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eImpressCMS is an open-source content management system. Version 1.3.11 is vulnerable to a time-based blind SQL injection vulnerability (CVE-2019-25703). An authenticated attacker can exploit this vulnerability by injecting malicious SQL code into the \u0026lsquo;bid\u0026rsquo; parameter. Successful exploitation allows the attacker to manipulate database queries, potentially leading to the extraction of sensitive information. This vulnerability requires authentication, limiting the scope of potential attackers, but the impact can be severe if exploited successfully. The vulnerability was reported and disclosed in April 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the ImpressCMS application with valid credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003eadmin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003ebid\u003c/code\u003e parameter containing SQL injection payload designed to cause a time delay.\u003c/li\u003e\n\u003cli\u003eThe ImpressCMS application processes the POST request without proper sanitization of the \u003ccode\u003ebid\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the underlying database, causing a time-based delay.\u003c/li\u003e\n\u003cli\u003eThe attacker monitors the response time to confirm successful injection.\u003c/li\u003e\n\u003cli\u003eThe attacker refines the SQL injection payload to extract sensitive information from the database using techniques like \u003ccode\u003eSLEEP()\u003c/code\u003e and conditional queries.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates the sensitive data obtained from the database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to read sensitive data from the ImpressCMS database. This may include user credentials, configuration details, and other confidential information. While the exploit requires authentication, a successful attack could lead to complete compromise of the application and its data, potentially impacting all users and the integrity of the website. The CVSS v3.1 score of 7.1 reflects the high potential impact of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the necessary patches or upgrade to a version of ImpressCMS that addresses CVE-2019-25703 to remediate the SQL injection vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect malicious POST requests containing SQL injection attempts targeting the \u003ccode\u003eadmin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003ebid\u003c/code\u003e parameter within the ImpressCMS application to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003eadmin.php\u003c/code\u003e with unusual parameters, as this can be an indicator of exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview and restrict access to the \u003ccode\u003eadmin.php\u003c/code\u003e endpoint to only authorized users to minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-12T13:16:33Z","date_published":"2026-04-12T13:16:33Z","id":"/briefs/2026-04-impresscms-sqli/","summary":"ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability allowing authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter via POST requests to the admin.php endpoint.","title":"ImpressCMS 1.3.11 Time-Based Blind SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-impresscms-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25703","version":"https://jsonfeed.org/version/1.1"}