June 5, 2026

CVE Watchtower


← Back to CVE List

CVE-2018-25420NVD

Vulnerability Summary

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
Severity Level
HIGH(8.2)
Published Date
May 30, 2026
Last Modified
Jun 1, 2026
Exploitation Status
UNKNOWN
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityLow
AvailabilityNone

External References