← Volver a CVEs
CVE-2018-25187
HIGH8.2
Descripcion
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
Detalles CVE
Puntuacion CVSS v3.18.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/6/2026
Ultima modificacion3/16/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tina4:tina4_stack
Debilidades (CWE)
CWE-89
Referencias
https://www.exploit-db.com/exploits/45833(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/tina-stack-sql-injection-and-database-file-download(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.