CVE-2018-25379
HighSummary
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.
Risk Assessment
This vulnerability may lead to the exposure of sensitive data from the database, posing a serious security threat to the organization. Attackers can exploit this flaw to perform unauthorized operations on the data.
Recommendation
It is recommended to update to the latest version of Collectric CMU and implement appropriate security measures such as input validation and using parameters in SQL queries.
Original NVD description (English source)
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

