Freesms Project

freesms_project

1 CVE • 1 product

Products (1)

Freesms
freesms

CVEs (1)

Vendors: 1 (Freesms Project)
Products: 1 (Freesms)
Updated: Mar 9, 2026
Published: Mar 4, 2026
CVSS: 8.8 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2)
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function.