CVE-2018-25197

Name of the Vulnerable Software and Affected Versions PlayJoom version 0.10.1

Description The software contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can send GET requests to the ''index.php'' endpoint with the option parameter set to 'com playjoom', the view parameter set to 'genre', and the catid parameter set to malicious SQL code. This allows extraction of sensitive database information, including usernames, databases, and version details.

Recommendations Update PlayJoom to a newer version that contains a fix for this vulnerability.