CVE-2018-25395— Kados R10 GreenBee SQL Injection via update_feature.php
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kados | Kados R10 GreenBee | R10 GreenBee | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25395
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kados R10 GreenBee SQL Injection via update_feature.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Kados | Kados R10 GreenBee | R10 GreenBee | - |
II. Public POCs for CVE-2018-25395
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25395
请登录查看更多情报信息。
Exploits & Public PoCs for CVE-2018-25395 (1)
News Coverage for CVE-2018-25395 (1)
IV. Related Vulnerabilities
Same product: Kados R10 GreenBee
- CVE-2018-25394
Kados R10 GreenBee SQL Injection via update_release.php - CVE-2019-25704
Kados R10 GreenBee SQL Injection via filter_user_mail - CVE-2019-25702
Kados R10 GreenBee SQL Injection via id_project Parameter - CVE-2019-25700
Kados R10 GreenBee SQL Injection via sort_direction Paramete - CVE-2019-25698
Kados R10 GreenBee SQL Injection via id_to_delete Parameter
Same vendor: Kados
- CVE-2018-25394
Kados R10 GreenBee SQL Injection via update_release.php - CVE-2019-25704
Kados R10 GreenBee SQL Injection via filter_user_mail - CVE-2019-25702
Kados R10 GreenBee SQL Injection via id_project Parameter - CVE-2019-25700
Kados R10 GreenBee SQL Injection via sort_direction Paramete - CVE-2019-25698
Kados R10 GreenBee SQL Injection via id_to_delete Parameter
Same weakness: CWE-89
- CVE-2026-10105
agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata() - CVE-2018-25404
The Open ISES Project 3.30A SQL Injection via add_facnote.ph - CVE-2018-25402
The Open ISES Project 3.30A SQL Injection via inc_types_grap - CVE-2018-25403
The Open ISES Project 3.30A SQL Injection via city_graph.php - CVE-2018-25401
The Open ISES Project 3.30A SQL Injection via sever_graph.ph
V. Comments for CVE-2018-25395
No comments yet