What is CVE-2019-25580?

CVE-2019-25580 is a high-severity vulnerability in Owndms, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.2/10. Published 2026-03-21.

How severe is CVE-2019-25580?

High severity. CVSS v3 base score is 8.2 out of 10.

Arbitrary file upload in Owndms

CVE-2019-25580

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream…

Vulnerability class: Unrestricted File Upload

EPSS: 0.001 (20.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Owndms — versions 4.7

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

ExploitDB-46168 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php (third-party-advisory)

Frequently asked questions

What is CVE-2019-25580?: CVE-2019-25580 is a high-severity vulnerability in Owndms, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.2/10. Published 2026-03-21.
How severe is CVE-2019-25580?: High severity. CVSS v3 base score is 8.2 out of 10.