Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Net-Billetterie 2.9: Unauthenticated Users Can Access Sensitive Data
CVE-2018-25167
Summary
An issue in Net-Billetterie 2.9 allows attackers to access sensitive information without logging in. This is a serious security risk because it allows unauthorized access to database data, including user credentials. To protect your system, update to the latest version of Net-Billetterie or consider replacing it with a more secure alternative.
Original title
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit mali...
Original description
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, passwords, and system credentials.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026