CVE-2019-25713
HIGH WAF: High
CVSS 8.1
Published: 2026-04-12
CWE-89
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| myt_project | myt | 1.5.1 |
References
- manageyourteam.net (Broken Link)
- sourceforge.net (Product)
- www.exploit-db.com (Exploit, VDB Entry)
- www.vulncheck.com (Third Party Advisory)