Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25419: AiOPMSD Final 1.0.0 Genre Parameter SQL Injection
CVE-2018-25419
Summary
The genre parameter in AiOPMSD Final 1.0.0 allows attackers to extract sensitive database information, including usernames, database names, and version details. This is a serious security risk because it lets anyone access confidential data without needing a password. To fix this, update to a secure version of AiOPMSD Final or apply the necessary patches.
Original title
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers...
Original description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026