Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
Published: 2026-05-29
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Kados R10 GreenBee contains a flaw in boards_buttons/update_release.php where the release_id parameter is concatenated directly into SQL statements without sanitization, enabling attackers to inject arbitrary SQL queries. The vulnerability allows unauthenticated attackers to extract sensitive database information such as the current user, database name, and DBMS version, potentially exposing confidential data and facilitating further attacks depending on database privileges. This is a classic SQL injection identified as CWE-89.

Affected Systems

The vulnerability affects the Kados R10 GreenBee product. No specific version information is provided in the CVE data, so all installations of Kados R10 GreenBee should be considered potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, and the exploit is believed to be possible via unauthenticated web requests without any special privileges. The EPSS score is not available, and the issue is not listed in CISA KEV, but the high CVSS suggests the exploit could be attempted by threat actors. The likely attack vector is a crafted GET request to update_release.php with a UNION-based payload, as indicated by the description. Because no additional mitigation steps are noted from the CNA, the vulnerability remains a significant risk until remedied.

Generated by OpenCVE AI on May 29, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Kados R10 GreenBee to the latest release that fixes the unsanitized release_id usage in update_release.php
  • Restrict access to boards_buttons/update_release.php so that only authenticated and authorized users can invoke it, or bind the web server to trusted IP ranges
  • Implement input validation or use parameterized queries for the release_id parameter to eliminate the SQL injection opportunity

Generated by OpenCVE AI on May 29, 2026 at 17:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Kados
Kados kados R10 Greenbee
Vendors & Products Kados
Kados kados R10 Greenbee

Fri, 29 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
Title Kados R10 GreenBee SQL Injection via update_release.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Kados Kados R10 Greenbee
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T14:46:36.945Z

Reserved: 2026-05-29T11:33:58.228Z

Link: CVE-2018-25394

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-29T16:16:18.837

Modified: 2026-05-29T16:29:11.350

Link: CVE-2018-25394

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses