CVE-2019-25713P3HIGHCVSS 8.1v1.5.12026-04-12
CVE-2019-25713 [HIGH] CWE-89 CVE-2019-25713: MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive databa
nvd