CVE-2018-25191

Name of the Vulnerable Software and Affected Versions Facturation System version 1.0

Description Facturation System version 1.0 contains an SQL injection issue that permits authenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the mod id parameter. Attackers can send POST requests to the ''editar producto.php'' endpoint with crafted SQL payloads in the mod id parameter to extract sensitive database information, including usernames, database names, and version details.

Recommendations Update to a newer version that contains a fix for this vulnerability.