Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25413: AiOPMSD Final 1.0.0 SQL Injection Risk: Unauthorized Data Exposure
CVE-2018-25413
Summary
AiOPMSD Final 1.0.0 has a security issue that allows attackers to access sensitive information without permission. This means that attackers can potentially see usernames, database names, and other important details. To protect your data, it's recommended to update to a fixed version of AiOPMSD or apply a patch as soon as possible.
Original title
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers c...
Original description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026