CVE-2018-25188

Name of the Vulnerable Software and Affected Versions Webiness Inventory version 2.3

Description The software contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can inject malicious code through the order parameter. By sending POST requests to the ''WsModelGrid.php'' endpoint with crafted SQL payloads, attackers can extract sensitive database information, including usernames, databases, and version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.