Description
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
Published: 2026-03-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection – risk of database compromise and potential denial of service
Action: Patch Immediately
AI Analysis

Impact

This vulnerability is a classic SQL injection that occurs through the 'id' parameter in addclick.php, allowing attackers to execute arbitrary SQL queries. By sending specially crafted GET requests, an unauthenticated attacker can retrieve sensitive data or disrupt service. The weakness aligns with CWE-89. The impact includes potential data exfiltration, unauthorized data modification, and service interruption.

Affected Systems

The flaw affects Meeplace Business Review Script, a product developed by Meeplace. No specific version range is listed in the CNA data, so any installation that includes the addclick.php endpoint may be susceptible.

Risk and Exploitability

The CVSS base score is 7.1, indicating high severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting it may not have been widely exploited yet. The flaw can be exploited remotely over HTTP by supplying payloads in the 'id' query string parameter. No authentication is required, which puts exploitation within reach of public threat actors.

Generated by OpenCVE AI on March 24, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether the Meeplace Business Review Script version is current; if an update or patch addressing the SQL injection is published, apply it immediately.
  • If a patch is not available, restrict direct web access to addclick.php by placing it behind authentication or disabling the endpoint entirely.
  • Implement input validation and escaping on the 'id' parameter to prevent injection, following secure coding practices.
  • Monitor web server logs for suspicious GET requests containing SQL patterns and raise alerts.
  • Perform routine vulnerability scanning of the application to detect similar injection flaws.
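
The log-monitoring action above can be scoped to this endpoint. The following is an added example, not code from OpenCVE or the vendor: it assumes combined-format access logs and that a legitimate 'id' is a plain decimal integer, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: combined log format (client IP first, quoted request line, status).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate 'id' is a short decimal integer.
VALID_ID_RE = re.compile(r'[0-9]{1,10}')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Mar/2026:10:00:01 +0000] "GET /addclick.php?id=42 HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Mar/2026:10:00:05 +0000] "GET /addclick.php?id=42%27 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.7 - - [24/Mar/2026:10:00:06 +0000] "GET /addclick.php?id=42+OR+1%3D1 HTTP/1.1" 200 12 "-" "curl/8.0"',
    '203.0.113.5 - - [24/Mar/2026:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]


def suspicious_addclick_requests(lines):
    """Return (ip, decoded id values, status) for addclick.php requests
    whose 'id' is repeated or is not a plain integer."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/addclick.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes, so encoded quotes and spaces are compared in clear.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        repeated = len(ids) > 1
        malformed = any(not VALID_ID_RE.fullmatch(v) for v in ids)
        if repeated or malformed:
            findings.append((m.group("ip"), ids, int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for ip, ids, status in suspicious_addclick_requests(SAMPLE_LOG):
        print(f"ALERT addclick.php non-integer id from {ip}: {ids!r} (HTTP {status})")
```

An allow-list on the expected shape of 'id' avoids maintaining a list of SQL keywords; a 500 status next to a flagged request is worth prioritising in triage.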

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 13:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Added: Meeplace; Meeplace meeplace Business Review Script

Type: Vendors & Products
Values Added: Meeplace; Meeplace meeplace Business Review Script

Tue, 24 Mar 2026 11:45:00 +0000

Type: Description
Values Added: Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.

Type: Title
Values Added: Meeplace Business Review Script Lastest SQL Injection via addclick.php

Type: Weaknesses
Values Added: CWE-89

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N'}
Values Added: cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T12:39:30.612Z

Reserved: 2026-03-24T11:03:30.930Z

Link: CVE-2019-25638

Vulnrichment

Updated: 2026-03-26T12:39:27.149Z

NVD

Status: Deferred

Published: 2026-03-24T12:16:04.780

Modified: 2026-04-15T15:00:32.790

Link: CVE-2019-25638

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:39:33Z

Weaknesses