← Back to CVEs
CVE-2018-25187
HIGH8.2
Description
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
CVE Details
CVSS v3.1 Score8.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/6/2026
Last Modified3/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
tina4:tina4_stack
Weaknesses (CWE)
CWE-89
References
https://www.exploit-db.com/exploits/45833(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/tina-stack-sql-injection-and-database-file-download(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.