CVE-2019-25578

phpTransformer 2016.9 SQL Injection via GeneratePDF.php

CVSS 8.8 HIGHEPSS 0.4%CWE-89

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensitive database information or manipulate queries.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Phptransformer · phpTransformer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://phptransformer.com/https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip https://www.exploit-db.com/exploits/46191 https://www.vulncheck.com/advisories/phptransformer-sql-injection-via-generatepdf-php