Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25416: AiOPMSD Final 1.0.0 SQL Injection Risk: Unauthenticated Access to Sensitive Data
CVE-2018-25416
Summary
The AiOPMSD Final 1.0.0 software has a security weakness that allows unauthorized users to access sensitive database information, including usernames and database details, by manipulating a specific input field. This poses a risk to your data and you should update the software to fix the issue as soon as possible.
Original title
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attacke...
Original description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026