Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Data Center Audit 2.6.2: Unauthorized Access to Sensitive Database Info
CVE-2018-25189
Summary
The Data Center Audit software version 2.6.2 has a security weakness that lets an attacker get sensitive database information without needing a login. This could happen when a user submits special input to the login page. To fix this, update to a newer version of Data Center Audit that has this issue resolved.
Original title
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can subm...
Original description
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026