SQL Injection Vulnerability in AiOPMSD Final by SourceForge
CVE-2018-25415
8.8HIGH
What is CVE-2018-25415?
AiOPMSD Final 1.0.0 contains a vulnerability that enables unauthorized individuals to execute arbitrary SQL commands via the director parameter in GET requests to director.php. This vulnerability permits attackers to manipulate the SQL queries, potentially allowing them to access sensitive database information, such as usernames, database names, and version details. Proper validation of user input and implementing prepared statements are critical in mitigating this security risk.
Affected Version(s)
AiOPMSD Final 1.0.0
References
CVSS V4
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Ihsan Sencan