PatchSiren cyber security CVE debrief
CVE-2019-25732 eitube CVE debrief
CVE-2019-25732 is a HIGH-severity vulnerability with a CVSS score of 8.8. The vulnerability exists in PHP EI-Tube Script 3 and allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information, including usernames, passwords, and version details.
- Vendor
- eitube
- Product
- EI-Tube
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of PHP EI-Tube Script 3 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of input validation in the search parameter, allowing attackers to inject malicious SQL code. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to PHP EI-Tube Script 3 to fix the SQL injection vulnerability.
- Use prepared statements or parameterized queries to prevent SQL injection attacks.
- Validate and sanitize user input to prevent malicious code injection.
Evidence notes
The vendor and product information for this vulnerability is not well-defined. The CVE record and NVD detail pages provide more information about the vulnerability.
Official resources
CVE-2019-25732 was published on 2019-04-09T00:00:00.000Z and modified on 2019-04-09T00:00:00.000Z.