CVE-2019-25693
published 2026-04-12CVE-2019-25693: ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code…
PriorityP344high7.1CVSS 3.1
AVNACLPRLUINSUCHILAN
EPSS
0.16%
5.5th percentile
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| montala | resourcespace | — | — |
| resourcespace | resourcespace | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
nvdv4.07.1HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ResourceSpace up to 8.6 collection_edit.php keywords cross-site request forgery (Exploit 46274 / EDB-46274)
vuldb·2026-04-12·CVSS 7.1
CVE-2019-25693 [HIGH] ResourceSpace up to 8.6 collection_edit.php keywords cross-site request forgery (Exploit 46274 / EDB-46274)
A vulnerability marked as problematic has been reported in ResourceSpace up to 8.6. The affected element is an unknown function of the file collection_edit.php. The manipulation of the argument keywords leads to cross-site request forgery.
This vulnerability is documented as CVE-2019-25693. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-p77x-289r-9c4x: ResourceSpace 8
ghsa_unreviewed·2026-04-12
CVE-2019-25693 [HIGH] CWE-352 GHSA-p77x-289r-9c4x: ResourceSpace 8
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-12
Published