CVE-2018-25189

Name of the Vulnerable Software and Affected Versions Data Center Audit version 2.6.2

Description The software contains an SQL injection issue in the username parameter of the 'dca login.php' file. Unauthenticated attackers can submit crafted SQL payloads through POST requests to execute arbitrary SQL queries. This allows extraction of sensitive database information, including usernames, database names, and version details. The vulnerable parameter is username. The affected API endpoint is 'dca login.php'.

Recommendations Update to a newer version that contains a fix for this vulnerability.