Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Tina4 Stack 1.0.3: Unauthenticated Access to Sensitive Database Files and SQL Injection
CVE-2018-25187
Summary
The Tina4 Stack version 1.0.3 has a security issue that allows hackers to access sensitive data and control the database. This means that unauthorized users can potentially see confidential user information and manipulate the database. Update to the latest version of Tina4 Stack to protect your system.
Original title
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.d...
Original description
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026