Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25414: AiOPMSD Final 1.0.0: Unauthenticated SQL Code Injection via Actor Parameter
CVE-2018-25414
Summary
The AiOPMSD Final 1.0.0 software is at risk of unauthorized access to sensitive database information. This means attackers can potentially steal usernames, database names, and other details without needing a password. To protect your data, update to a secure version of AiOPMSD Final or apply a patch if one is available.
Original title
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers...
Original description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026