CVE-2019-25159

Summary

A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
mpedraza2020Intranet del Monterroso4.0affected
mpedraza2020Intranet del Monterroso4.1affected
mpedraza2020Intranet del Monterroso4.2affected
mpedraza2020Intranet del Monterroso4.3affected
mpedraza2020Intranet del Monterroso4.4affected
mpedraza2020Intranet del Monterroso4.5affected
mpedraza2020Intranet del Monterroso4.6affected
mpedraza2020Intranet del Monterroso4.7affected
mpedraza2020Intranet del Monterroso4.8affected
mpedraza2020Intranet del Monterroso4.9affected
mpedraza2020Intranet del Monterroso4.10affected
mpedraza2020Intranet del Monterroso4.11affected
mpedraza2020Intranet del Monterroso4.12affected
mpedraza2020Intranet del Monterroso4.13affected
mpedraza2020Intranet del Monterroso4.14affected
mpedraza2020Intranet del Monterroso4.15affected
mpedraza2020Intranet del Monterroso4.16affected
mpedraza2020Intranet del Monterroso4.17affected
mpedraza2020Intranet del Monterroso4.18affected
mpedraza2020Intranet del Monterroso4.19affected
mpedraza2020Intranet del Monterroso4.20affected
mpedraza2020Intranet del Monterroso4.21affected
mpedraza2020Intranet del Monterroso4.22affected
mpedraza2020Intranet del Monterroso4.23affected
mpedraza2020Intranet del Monterroso4.24affected
mpedraza2020Intranet del Monterroso4.25affected
mpedraza2020Intranet del Monterroso4.26affected
mpedraza2020Intranet del Monterroso4.27affected
mpedraza2020Intranet del Monterroso4.28affected
mpedraza2020Intranet del Monterroso4.29affected
mpedraza2020Intranet del Monterroso4.30affected
mpedraza2020Intranet del Monterroso4.31affected
mpedraza2020Intranet del Monterroso4.32affected
mpedraza2020Intranet del Monterroso4.33affected
mpedraza2020Intranet del Monterroso4.34affected
mpedraza2020Intranet del Monterroso4.35affected
mpedraza2020Intranet del Monterroso4.36affected
mpedraza2020Intranet del Monterroso4.37affected
mpedraza2020Intranet del Monterroso4.38affected
mpedraza2020Intranet del Monterroso4.39affected
mpedraza2020Intranet del Monterroso4.40affected
mpedraza2020Intranet del Monterroso4.41affected
mpedraza2020Intranet del Monterroso4.42affected
mpedraza2020Intranet del Monterroso4.43affected
mpedraza2020Intranet del Monterroso4.44affected
mpedraza2020Intranet del Monterroso4.45affected
mpedraza2020Intranet del Monterroso4.46affected
mpedraza2020Intranet del Monterroso4.47affected
mpedraza2020Intranet del Monterroso4.48affected
mpedraza2020Intranet del Monterroso4.49affected
mpedraza2020Intranet del Monterroso4.50affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References