Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25333: Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 allows unauthorized database access
CVE-2018-25333
Summary
An attacker can access sensitive information and bypass security checks without a password by submitting malicious data through the login form. This affects the Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0. To fix this, update the software to a version that has the SQL injection vulnerability patched.
Original title
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through th...
Original description
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 17 May 2026 · Updated: 30 May 2026 · First seen: 17 May 2026