CVE-2018-25411

Name of the Vulnerable Software and Affected Versions MGB OpenSource Guestbook version 0.7.0.2

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'email.php' endpoint using crafted payloads in the id parameter, enabling the extraction of sensitive database information such as table and column names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.