Description
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.
Published: 2026-03-12
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Disclosure via SQL Injection
Action: Immediate Patch
AI Analysis

Impact

Placeto CMS Alpha rv.4 contains an SQL injection flaw that allows authenticated users to manipulate database queries by injecting SQL code through the 'page' parameter on the admin/edit.php endpoint. The vulnerability can be exploited via boolean‑based blind, time‑based blind, or UNION‑based techniques to extract sensitive database information. With a CVSS score of 7.1, the impact is classified as significant data exposure and potential unauthorized data manipulation.

Affected Systems

The affected vendor is Sourceforge:Placeto CMS, specifically the Placeto CMS Alpha rv.4 release. No additional patch versions are provided in the data, but the vulnerability applies to all installations of this version running the admin/edit.php endpoint.

Risk and Exploitability

The attack vector is web‑based and requires the attacker to be authenticated to the administrative interface. Exploitation involves sending crafted GET requests with malicious 'page' values, which can reveal database contents through inferred query results. The EPSS score is less than 1% and the vulnerability is not listed in the KEV catalog, indicating a low current exploitation probability, yet the High CVSS score of 7.1 warrants timely remediation.

Generated by OpenCVE AI on March 18, 2026 at 14:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Placeto CMS to the latest release that addresses the SQL injection flaw.
  • If a patch is not immediately available, restrict access to the /admin/edit.php endpoint to a limited set of trusted administrators.
  • Apply input validation or sanitization to the 'page' parameter to block SQL injection patterns.
  • Monitor web server and database logs for suspicious query activity and review access controls regularly.

Generated by OpenCVE AI on March 18, 2026 at 14:40 UTC.
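
One way to act on the log-monitoring recommendation above, as an added example that is not part of the original record or of Placeto CMS: a Python scan of web-server access logs for 'page' values sent to admin/edit.php that carry markers of the three technique classes named in the description. The combined log format, the constructed sample lines and the regex heuristics are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic markers for the three technique classes named in the description.
# Assumption: these patterns are illustrative, not vendor-supplied signatures.
RULES = {
    "union-based": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "time-based": re.compile(
        r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "boolean-based": re.compile(
        r"\b(and|or)\b\s+[\w'\"]+\s*(=|<|>|like)\s*[\w'\"]+", re.I),
}
# Assumption: Apache/nginx "combined" style access log lines.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<target>\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample input (documentation IP range, invented users).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Mar/2026:10:00:01 +0000] '
    '"GET /admin/edit.php?page=about HTTP/1.1" 200 5120',
    '192.0.2.44 - editor [12/Mar/2026:10:02:17 +0000] '
    '"GET /admin/edit.php?page=about%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '192.0.2.44 - editor [12/Mar/2026:10:02:31 +0000] '
    '"GET /admin/edit.php?page=about%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 5120',
    '192.0.2.44 - editor [12/Mar/2026:10:03:05 +0000] '
    '"GET /admin/edit.php?page=x%27%20UNION%20SELECT%20NULL,NULL--%20- HTTP/1.1" 200 812',
    '192.0.2.10 - admin [12/Mar/2026:10:04:40 +0000] '
    '"GET /admin/index.php?page=1 HTTP/1.1" 200 900',
]

def classify_page_value(value):
    """Return the names of the rules that match a URL-decoded 'page' value."""
    return sorted(name for name, rx in RULES.items() if rx.search(value))

def scan(lines, endpoint="/admin/edit.php"):
    """Return (client_ip, page_value, matched_rules) for suspicious requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a GET request line in the assumed format
        url = urlsplit(m["target"])
        if not url.path.endswith(endpoint):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes values, so encoded payloads are inspected too.
        for value in parse_qs(url.query, keep_blank_values=True).get("page", []):
            hits = classify_page_value(value)
            if hits:
                findings.append((m["ip"], value, hits))
    return findings

if __name__ == "__main__":
    for ip, value, hits in scan(SAMPLE_LOG):
        print(f"{ip} page={value!r} -> {', '.join(hits)}")
```

Matches are leads for review rather than proof of exploitation; a benign 'page' value containing SQL-like words will also be flagged.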

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Sourceforge; Sourceforge placeto Cms |
| Vendors & Products | | Sourceforge; Sourceforge placeto Cms |

Thu, 12 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Thu, 12 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information. |
| Title | | Placeto CMS Alpha rv.4 SQL Injection via page Parameter |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:40:52.010Z

Reserved: 2026-03-12T14:23:10.666Z

Link: CVE-2019-25529

Vulnrichment

Updated: 2026-03-12T16:40:47.565Z

NVD

Status: Deferred

Published: 2026-03-12T16:16:06.630

Modified: 2026-04-15T14:56:45.970

Link: CVE-2019-25529

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:15Z