PT-2026-43231 · Unknown · Collectric Cmu

Published 2026-05-25 · Updated 2026-05-25 · CVE-2018-25379

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Collectric CMU version 1.0

Description

An issue exists where unauthenticated attackers can manipulate database queries during authentication. This is achieved by injecting SQL code through the lang parameter in login requests, allowing the extraction of sensitive information from the database using boolean-based and time-based blind techniques. Blind SQL injection is a method where an attacker asks the database true or false questions and determines the answer based on the application's response or the time it takes to respond.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
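
With no fixed version listed, one compensating control is to allowlist the lang parameter in front of the device and to audit logged login requests for values that fail the allowlist. The sketch below is an added example, not vendor code; it assumes the login form is sent urlencoded, that lang only ever needs a short locale code, and the field names, log layout and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: the UI only needs short locale codes such as "en" or "sv-SE".
LANG_RE = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2})?")
DEFAULT_LANG = "en"  # assumed fallback value, not taken from the product


def check_lang(body):
    """Return (verdict, safe_lang) for a urlencoded login body.

    verdict is "ok", "missing", "duplicate" or "rejected"; safe_lang is
    the only value that should be forwarded to the application.
    """
    values = parse_qs(body, keep_blank_values=True).get("lang", [])
    if not values:
        return "missing", DEFAULT_LANG
    if len(values) > 1:
        # Repeated parameters let a filter and the application disagree
        # about which value is used, so treat them as hostile.
        return "duplicate", DEFAULT_LANG
    if LANG_RE.fullmatch(values[0]):
        return "ok", values[0]
    return "rejected", DEFAULT_LANG


def audit(lines):
    """Return (client, verdict) for logged requests that fail the allowlist.

    Each line is "<client-ip> <urlencoded body>" (constructed log layout).
    """
    hits = []
    for line in lines:
        client, _, body = line.partition(" ")
        verdict, _ = check_lang(body)
        if verdict in ("rejected", "duplicate"):
            hits.append((client, verdict))
    return hits


# Constructed sample log lines; addresses are documentation ranges.
SAMPLE = [
    "192.0.2.10 username=op&password=x&lang=en",
    "192.0.2.44 username=op&password=x&lang=en%27+OR+%271%27%3D%271",
    "192.0.2.44 username=op&password=x&lang=en&lang=sv",
    "198.51.100.7 username=op&password=x&lang=sv-SE",
]

if __name__ == "__main__":
    for client, verdict in audit(SAMPLE):
        print(client, verdict)
```

Filtering at the edge reduces exposure but does not repair the query itself; that requires parameterized statements inside the application.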

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-25379

Affected Products

Collectric Cmu