Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Rmedia SMS 1.0 allows attackers to extract sensitive database information
CVE-2018-25173
Summary
Rmedia SMS 1.0 has a security weakness that lets hackers extract confidential database information without needing a password. This happens when the software receives a special kind of request with a specific code. To protect your data, update the software to the latest version or remove it if you're not using it.
Original title
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET ...
Original description
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026