8.8
Pedidos 1.0 allows attackers to access sensitive database info
CVE-2018-25172
Summary
Pedidos 1.0 has an SQL injection weakness that allows unauthenticated users to read sensitive information from your database, including its layout (schema names and table structures) and potentially its contents. Update to a fixed version of Pedidos to prevent this.
Original title
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send ...
Original description
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load_proveedores.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and table structures.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
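
A log check for the request pattern in the description, added here as an example and not taken from Pedidos or the advisory: it scans web access-log lines for requests to `ajax/load_proveedores.php` whose decoded `q` value carries SQL syntax. The Combined Log Format, the marker list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter as named in the CVE description.
ENDPOINT = "ajax/load_proveedores.php"
PARAM = "q"

# Heuristic SQL markers (assumed rule set; a name like O'Brien will also match,
# so treat hits as leads to review, not as confirmed attacks).
SQLI = re.compile(
    r"""['"]|--|/\*|\b(?:union|select|information_schema|sleep|benchmark)\b""",
    re.IGNORECASE,
)

# Client address and request target from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [06/Mar/2026:09:12:01 +0000] '
    '"GET /ajax/load_proveedores.php?q=acme HTTP/1.1" 200 412',
    '203.0.113.9 - - [06/Mar/2026:09:13:44 +0000] '
    '"GET /ajax/load_proveedores.php?q=x%27+UNION+SELECT+schema_name'
    '+FROM+information_schema.schemata--+ HTTP/1.1" 200 9120',
    '203.0.113.9 - - [06/Mar/2026:09:13:50 +0000] '
    '"GET /index.php?q=%27 HTTP/1.1" 200 88',
]


def suspicious_requests(lines):
    """Return (client, decoded q value) for flagged requests to the endpoint."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue  # other endpoints are out of scope for this check
        # parse_qs percent-decodes, so encoded quotes and keywords are seen.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if SQLI.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
```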