PatchSiren cyber security CVE debrief
CVE-2019-25730 Themerig CVE debrief
CVE-2019-25730 is a SQL injection vulnerability in Listing Hub CMS 1.0. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter in pages.php. Attackers can exploit this vulnerability by sending GET requests with crafted id values using error-based SQL injection techniques to extract database credentials, usernames, and version information.
- Vendor
- Themerig
- Product
- Listing Hub CMS
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of Listing Hub CMS 1.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 8.8 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
high
Recommended defensive actions
- Update Listing Hub CMS to a version that is not vulnerable.
- Use prepared statements to prevent SQL injection attacks.
- Limit access to pages.php to only authorized users.
Evidence notes
The vendor and product information is not confirmed, but there is a reference to Codecanyon, which may be related to the affected product.
Official resources
CVE-2019-25730 was published on 2019-04-09T00:00:00.000Z and modified on 2019-04-09T00:00:00.000Z.