Description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract sensitive database information including usernames, database names, and version details.
Published: 2026-05-30
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AiOPMSD Final 1.0.0 contains an SQL injection flaw that can be exploited by sending GET requests to country.php with a malicious country parameter. The attacker does not need any authentication and can execute arbitrary SQL queries against the database, allowing the extraction of sensitive information such as usernames, database names, and version details. The weakness is a classic SQL Injection issue (CWE-89).

Affected Systems

The affected product is AiOPMSD Final, version 1.0.0, distributed by Aiopmsd. No other versions or derivative products are listed as affected.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS data is not available, but the vulnerability can be triggered remotely via unauthenticated HTTP requests, making it easily exploitable in any web‑accessible deployment. The vulnerability is not listed in the CISA KEV catalog. Attackers can obtain confidential data and potentially modify the database if they craft write queries, posing a significant risk to both confidentiality and integrity.

Generated by OpenCVE AI on May 30, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest patch or upgrade AiOPMSD Final to a fixed version if one exists; if a patch is not published, upgrade to a newer release of the application.
  • Implement input validation and use prepared statements for the country parameter to prevent SQL injection.
  • Deploy a web application firewall or custom rules that detect and block typical SQL injection payloads targeting country.php.
  • Restrict direct web access to the application by placing it behind a secure reverse proxy and enforcing authentication for non‑public functionality.

Generated by OpenCVE AI on May 30, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Aiopmsd
Aiopmsd aiopmsd Final
Vendors & Products Aiopmsd
Aiopmsd aiopmsd Final

Sat, 30 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract sensitive database information including usernames, database names, and version details.
Title AiOPMSD Final 1.0.0 SQL Injection via country.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Aiopmsd Aiopmsd Final
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T15:11:45.692Z

Reserved: 2026-05-30T12:40:27.053Z

Link: CVE-2018-25416

cve-icon Vulnrichment

Updated: 2026-06-01T15:11:41.389Z

cve-icon NVD

Status : Deferred

Published: 2026-05-30T16:17:02.580

Modified: 2026-06-01T16:51:36.193

Link: CVE-2018-25416

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:17:39Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')