CVE-2018-25418

Name of the Vulnerable Software and Affected Versions AiOPMSD Final version 1.0.0

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'year.php' endpoint with crafted SQL payloads in the year parameter, enabling the extraction of sensitive database information such as usernames, database names, and version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.