
ServerZilla 1.0: Unauthenticated database access via email manipulation

CVE-2018-25196
Summary

ServerZilla 1.0 has a security issue that lets anyone read sensitive database information without logging in. The cause is that the software does not validate or parameterize the email address users submit, so an attacker can inject SQL into the database query. To fix this, update ServerZilla 1.0 to a patched version.

Original title
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send PO...
Original description
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information.
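As an added, defender-side illustration of the weakness class described above (CWE-89 reached through an email field on a password-reset endpoint), the following Python is not ServerZilla's code and does not reproduce its reset.php; the in-memory users table, its column names and the form shape are assumptions made for the example. It shows the two controls that close this class of bug, input validation and parameter binding, and a small detection check that flags reset requests whose email field fails validation and carries SQL punctuation or keywords.

```python
import re
import sqlite3

# Conservative e-mail shape check: one local part, one domain, no quotes,
# whitespace, comment markers or other SQL punctuation. Assumed policy for
# this example, not ServerZilla's own validation.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Characters and keywords that never belong in a syntactically valid address.
SQLI_MARKERS = re.compile(r"['\";]|--|/\*|\b(or|and|union|select)\b", re.IGNORECASE)


def is_valid_email(value: str) -> bool:
    """Reject anything that is not a plain address before it reaches the database."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the users table a reset
    endpoint would consult (rows and columns are made up for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, reset_token TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, reset_token) VALUES (?, ?)",
        [("alice@example.test", "tok-alice"), ("bob@example.test", "tok-bob")],
    )
    conn.commit()
    return conn


def query_by_email(conn: sqlite3.Connection, email: str):
    """Parameterized lookup: the value is bound by the driver, so whatever it
    contains is compared as a literal string and never parsed as SQL."""
    cur = conn.execute("SELECT id, email FROM users WHERE email = ?", (email,))
    return cur.fetchone()


def find_reset_row(conn: sqlite3.Connection, email: str):
    """Hardened reset handler: validate first, then use the bound query."""
    if not is_valid_email(email):
        return None
    return query_by_email(conn, email)


def is_suspicious_reset_request(path: str, form: dict) -> bool:
    """Detection-side check over a parsed request: a reset.php POST whose email
    field is not a valid address and carries SQL markers is worth alerting on."""
    email = form.get("email", "")
    return (
        path.endswith("/reset.php")
        and not is_valid_email(email)
        and SQLI_MARKERS.search(email) is not None
    )


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed malformed value of the kind the advisory describes: it is
    # rejected by validation, and even the raw bound query matches no row.
    crafted = "x@example.test' OR 'a'='a"
    print(find_reset_row(db, "alice@example.test"))   # (1, 'alice@example.test')
    print(find_reset_row(db, crafted))                 # None
    print(query_by_email(db, crafted))                 # None
    print(is_suspicious_reset_request("/reset.php", {"email": crafted}))  # True
```

The two layers are deliberately independent: validation stops malformed input at the edge, and parameter binding guarantees that even a value which slips past a weaker validator is treated as data rather than query text. The detection helper is meant for request logs or a WAF-style hook in front of the reset endpoint, not as a substitute for either control.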
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026