Description
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.
Published: 2026-03-26
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an SQL injection that allows an attacker to inject arbitrary SQL through the 'query' parameter in the search functionality. Because the application does not properly sanitise or parameterise user input, an unauthenticated user can submit multiple GET or POST requests to the /search endpoint and retrieve hidden data. An attacker without privileges can read sensitive database tables and potentially other confidential information, compromising data confidentiality.

Affected Systems

This flaw affects the Mediasoftpro ASP.NET jVideo Kit version 1.0. The product is used for video sharing and includes a search feature that passes user input directly into the database query. No other versions are mentioned as affected; therefore version 1.0 is considered fully vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, reflecting the remote, unauthenticated nature of the attack and the high potential impact on confidentiality. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests limited but still significant exposure. Attackers can exploit the flaw over standard HTTP(S) traffic with no special privileges required, making it possible for anyone with internet access to compromise the database.

Generated by OpenCVE AI on March 26, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the current version of jVideo Kit. If an updated version that fixes the issue exists, upgrade immediately.
  • If no update is available, restrict access to the /search endpoint to authenticated users only or remove the feature until remediation.
  • Implement a web application firewall rule to block suspicious SQL injection patterns targeting the 'query' parameter.
  • Sanitize all user input on the server side and use parameterised queries to prevent future injection attempts.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mediasoftpro; Mediasoftpro asp.net Jvideo Kit
Vendors & Products | | Mediasoftpro; Mediasoftpro asp.net Jvideo Kit

Thu, 26 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.
Title | | ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T13:37:09.410Z

Reserved: 2026-03-26T11:33:20.750Z

Link: CVE-2018-25205

Vulnrichment

Updated: 2026-03-26T13:37:05.243Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T12:16:05.447

Modified: 2026-03-26T15:13:15.790

Link: CVE-2018-25205

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T08:36:05Z

Weaknesses