Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
Published: 2026-05-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Kados R10 GreenBee exposes an SQL injection flaw in boards_buttons/update_feature.php that allows unauthenticated attackers to embed and execute arbitrary SQL queries through the feature_id parameter. The vulnerability results from concatenating the raw feature_id value directly into an SQL statement without any sanitization, enabling the attacker to craft a GET request that injects UNION-based payloads. Consequently, a malicious actor can read sensitive database information such as the current database user, database name, and DBMS version.

Affected Systems

The affected product is Kados R10 GreenBee, a web application platform. The vulnerability is located in the update_feature.php endpoint within the boards_buttons module; no specific version range is provided by the advisory.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. The likely attack vector is a remote HTTP request to boards_buttons/update_feature.php that leverages the feature_id parameter; attackers do not need to authenticate. The vulnerability is not listed in the CISA KEV catalog and the EPSS score is not available, but the high CVSS combined with unauthenticated access suggests a significant risk of data disclosure if exploited.

Generated by OpenCVE AI on May 29, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and apply the official vendor patch for Kados R10 GreenBee that fixes the SQL injection flaw in update_feature.php.
  • If a vendor patch is not yet available, block external access to boards_buttons/update_feature.php by configuring the web server or firewall to allow only trusted IP addresses.
  • When possible, refactor the application to validate the feature_id input and use parameterized queries or prepared statements so that user-supplied data is never concatenated directly into SQL statements.
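The last item above, as an added illustration that is not Kados R10 GreenBee source code: the concatenation pattern the advisory describes next to the hardened form that validates feature_id as an integer and binds it through a prepared statement. The table name board_features, its columns and the PDO handle are assumptions made for the example.

```php
<?php
// Added example, not the vendor's code. The table "board_features", its
// columns and the PDO connection passed in are assumptions for illustration.

// VULNERABLE PATTERN (the defect the advisory describes): the raw GET value is
// concatenated into the statement text, so whatever the client sends becomes
// part of the SQL the database parses.
function update_feature_vulnerable(PDO $db): void
{
    $feature_id = $_GET['feature_id'];   // untrusted, unvalidated string
    $sql = "SELECT name, enabled FROM board_features WHERE id = " . $feature_id;
    $db->query($sql);                    // query structure is attacker-controlled
}

// HARDENED FORM: reject anything that is not a positive integer, then bind the
// value as a parameter so the database treats it strictly as data, never as SQL.
function update_feature_hardened(PDO $db): ?array
{
    // feature_id is a numeric identifier; FILTER_VALIDATE_INT returns false for
    // any non-integer input and null when the parameter is absent.
    $feature_id = filter_input(INPUT_GET, 'feature_id', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($feature_id === false || $feature_id === null) {
        http_response_code(400);         // bad request: do not touch the database
        return null;
    }

    // Placeholder + typed binding: the value can never change the query shape.
    $stmt = $db->prepare('SELECT name, enabled FROM board_features WHERE id = :id');
    $stmt->bindValue(':id', $feature_id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

Because the advisory notes the endpoint is reachable without authentication, the hardened handler should additionally sit behind the application's normal session check before any query is issued.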


Advisories

No advisories yet.

History

Fri, 29 May 2026 21:30:00 +0000
  Metrics (values added): ssvc
    {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 18:00:00 +0000
  First Time appeared (values added): Kados; Kados kados R10 Greenbee
  Vendors & Products (values added): Kados; Kados kados R10 Greenbee

Fri, 29 May 2026 16:15:00 +0000
  Description (values added): Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
  Title (values added): Kados R10 GreenBee SQL Injection via update_feature.php
  Weaknesses (values added): CWE-89
  References (values added): none listed
  Metrics (values added): cvssV3_1
    {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0
    {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T20:35:54.611Z

Reserved: 2026-05-29T11:35:23.594Z

Link: CVE-2018-25395

Vulnrichment

Updated: 2026-05-29T20:35:49.928Z

NVD

Status : Deferred

Published: 2026-05-29T16:16:18.977

Modified: 2026-05-29T16:29:11.350

Link: CVE-2018-25395

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T18:30:05Z

Weaknesses