Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25415: AiOPMSD Final 1.0.0 SQL injection risk through director parameter
CVE-2018-25415
Summary
AiOPMSD Final 1.0.0 has a security weakness that lets hackers access sensitive information without needing a login. This can happen if a hacker sends a special kind of request to the director.php page with malicious code. To stay safe, update AiOPMSD Final 1.0.0 to a patched version or replace it with a secure alternative.
Original title
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attack...
Original description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026