CVE Catalog

CVE-2018-25379

High
Published: Translated: NVD NIST

Summary

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

Risk Assessment

This vulnerability may lead to the exposure of sensitive data from the database, posing a serious security threat to the organization. Attackers can exploit this flaw to perform unauthorized operations on the data.

Recommendation

It is recommended to update to the latest version of Collectric CMU and implement appropriate security measures such as input validation and using parameters in SQL queries.

Original NVD description (English source)

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS