PatchSiren cyber security CVE debrief
CVE-2019-25726 Nicheoffice CVE debrief
CVE-2019-25726 is a HIGH-severity vulnerability (CVSS Score: 8.8) affecting All in One Video Downloader 1.2. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id parameter to extract sensitive database information, including usernames, databases, and version details.
- Vendor: Nicheoffice
- Product: All in One Video Downloader
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of All in One Video Downloader 1.2, administrators of systems where the software is installed, and security teams responsible for vulnerability management.
Technical summary
The vulnerability is caused by inadequate validation and sanitization of user-supplied input in the id parameter. Attackers can therefore inject SQL code, potentially leading to data breaches, unauthorized data modification, and other malicious activity.
Defensive priority
HIGH
Recommended defensive actions
- Update All in One Video Downloader to a version that is not vulnerable.
- Implement input validation and sanitization for user-supplied input in the id parameter.
- Monitor the admin interface for suspicious activity and implement logging and alerting mechanisms.
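One way to apply the validation and monitoring actions above, as an added example that is not code from the vendor or the CVE record: the id is accepted only as a plain integer, bound as a query parameter, and the same check flags admin requests in an access log. The `videos` table, the `/admin/` path prefix, the SQLite backend and the integer-id format are assumptions; the log lines are constructed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

ID_RE = re.compile(r"[0-9]{1,10}")   # assumption: ids are small positive integers
ADMIN_PREFIX = "/admin/"             # hypothetical admin path prefix

def parse_id(raw):
    """Return the id as an int, or None if it is not a plain decimal integer."""
    if isinstance(raw, str) and ID_RE.fullmatch(raw):
        return int(raw)
    return None

def fetch_video(conn, raw_id):
    """Reject malformed ids, then bind the value instead of concatenating it."""
    vid = parse_id(raw_id)
    if vid is None:
        return None
    return conn.execute("SELECT id, title FROM videos WHERE id = ?", (vid,)).fetchone()

def suspicious_admin_requests(log_lines):
    """Return admin request targets whose id value is not a plain integer."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.startswith(ADMIN_PREFIX):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(parse_id(v) is None for v in values):
            hits.append(m.group(1))
    return hits

def demo_db():
    """In-memory stand-in for the application's database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO videos VALUES (1, 'sample')")
    return conn

SAMPLE_LOG = [  # constructed access-log lines
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/item?id=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/item?id=-1%20UNION%20SELECT%201,2 HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(suspicious_admin_requests(SAMPLE_LOG))
```

Flagging on "id is not an integer" rather than on specific SQL keywords keeps the alert independent of how a payload is encoded or obfuscated.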
Evidence notes
The CVE record and NVD detail pages provide information on the vulnerability, including its CVSS score, description, and references.
Official resources
CVE-2019-25726 was published on 2019-04-09T00:00:00.000Z and modified on 2019-04-09T00:00:00.000Z.