CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25187

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.7%

CVSS Severity

CVSS v3 Score 8.2

References

https://www.exploit-db.com/exploits/45833
https://www.vulncheck.com/advisories/tina-stack-sql-injection-and-database-file-download

Products affected by CVE-2018-25187

Tina4 » Tina4 Stack » Version: 1.0.3

cpe:2.3:a:tina4:tina4_stack:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25187

Products

Pricing

Contact Us