{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25707", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-12T12:13:51.215Z", "datePublished": "2026-04-12T12:28:52.833Z", "dateUpdated": "2026-04-13T17:28:35.299Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-12T12:28:52.833Z"}, "datePublic": "2019-01-10T00:00:00.000Z", "title": "eBrigade ERP 4.5 SQL Injection via pdf.php", "descriptions": [{"lang": "en", "value": "eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Ebrigade", "product": "eBrigade ERP", "versions": [{"version": "4.5", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46117", "name": "ExploitDB-46117", "tags": ["exploit"]}, {"url": "https://ebrigade.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade_4.5.zip", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: eBrigade ERP 4.5 SQL Injection via pdf.php", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ebrigade-erp-sql-injection-via-pdf-php"}], "credits": [{"lang": "en", "value": "Ihsan Sencan", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T17:28:29.236848Z", "id": "CVE-2019-25707", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:28:35.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25707", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:28:29.236848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:28:32.254Z"}}], "cna": {"title": "eBrigade ERP 4.5 SQL Injection via pdf.php", "credits": [{"lang": "en", "type": "finder", "value": "Ihsan Sencan"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Ebrigade", "product": "eBrigade ERP", "versions": [{"status": "affected", "version": "4.5"}]}], "datePublic": "2019-01-10T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46117", "name": "ExploitDB-46117", "tags": ["exploit"]}, {"url": "https://ebrigade.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade_4.5.zip", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ebrigade-erp-sql-injection-via-pdf-php", "name": "VulnCheck Advisory: eBrigade ERP 4.5 SQL Injection via pdf.php", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-12T12:28:52.833Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25707", "state": "PUBLISHED", "dateUpdated": "2026-04-13T17:28:35.299Z", "dateReserved": "2026-04-12T12:13:51.215Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-12T12:28:52.833Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details."}], "id": "CVE-2019-25707", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-12T13:16:33.627", "references": [{"source": "disclosure@vulncheck.com", "url": "https://ebrigade.net/"}, {"source": "disclosure@vulncheck.com", "url": "https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade_4.5.zip"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46117"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ebrigade-erp-sql-injection-via-pdf-php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.5"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "eBrigade ERP", "source": "cna", "vendor": "Ebrigade"}, "product": "ebrigade", "vendor": "ebrigade"}], "analysis": {"en": {"generated_at": "2026-04-12T13:51:23.579982+00:00", "value": {"mitigation_remediation": ["Update eBrigade ERP to the latest available version or apply the vendor\u2019s official patch that addresses the pdf.php SQL injection.", "If an immediate patch is not available, restrict access to pdf.php by permission or deny the endpoint to users who do not require it.", "Ensure user accounts used by the application have least privilege, reducing the potential impact of a compromised account.", "Monitor application logs for unusual GET requests to pdf.php or abnormal database activity and investigate promptly."], "summary": {"action": "Apply Patch", "impact": "SQL injection available to authenticated attackers allowing arbitrary database queries"}, "threat_synthesis": {"affected_systems": "Only eBrigade ERP version 4.5 is documented as vulnerable. The problem resides in the pdf.php component of that release; no other product variants or later releases are indicated as affected.", "description_and_impact": "A flaw in eBrigade ERP 4.5\u2019s pdf.php file enables an authenticated user to inject malicious SQL into the id parameter, allowing the execution of arbitrary queries. The vulnerability can expose sensitive database content, alter data, or serve as a foothold for further attacks. The weakness is a classic SQL injection, classified as CWE\u201189. The attack directly threatens the confidentiality and integrity of data controlled by the application.", "risk_and_exploitability": "The CVSS score of 7.1 signals a high-severity issue. No EPSS value is available and the vulnerability is not listed in the CISA KEV catalog, implying no widespread exploitation is known. Attackers must first authenticate to the application to access pdf.php; once authenticated, a crafted GET request with malicious SQL can be sent to retrieve or modify database information. The exploitation process requires moderate effort but offers significant payoff, making the threat appreciable."}}}}, "created": "2026-04-13T12:38:24.857369+00:00", "updated": "2026-04-13T12:55:50.564450+00:00", "vendors": ["ebrigade", "ebrigade$PRODUCT$ebrigade"]}