TROYANOSYVIRUS
Retour aux CVEs

CVE-2018-25187

HIGH
8.2

Description

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.

Details CVE

Score CVSS v3.18.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/6/2026
Derniere modification3/16/2026
Sourcenvd
Observations honeypot0

Produits affectes

tina4:tina4_stack

Faiblesses (CWE)

CWE-89

References

https://www.exploit-db.com/exploits/45833(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/tina-stack-sql-injection-and-database-file-download(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.