Description
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract sensitive database information including usernames, database names, and version details.
Published: 2026-05-30
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AiOPMSD Final 1.0.0 contains a classic SQL injection flaw that does not require authentication; an attacker can embed malicious SQL code into the genre query string and cause the application to execute arbitrary SQL statements. This flaw corresponds to CWE‑89 and allows an attacker to read sensitive database information such as user names, database names, and the database version, thereby compromising confidentiality and potentially enabling further post‑exploitation steps.

Affected Systems

AiOPMSD Final version 1.0.0 is affected. No other vendor or product variations are listed.

Risk and Exploitability

The flaw carries a CVSS score of 8.8, indicating high severity and broad impact. No embedded EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so explicit exploitation likelihood is uncertain, yet an exploit exists in public exploit repositories. Attackers can trigger the vulnerability via unauthenticated HTTP GET requests to genre.php, so the attack surface is the public network and the risk is moderate to high for exposed installations.

Generated by OpenCVE AI on May 30, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AiOPMSD Final to a patched version that resolves the SQL injection flaw
  • Sanitize the genre parameter on the server side or use parameterized queries to eliminate unsanitized input
  • Limit access to genre.php by applying network ACLs or IP whitelisting to restrict who can send requests to the vulnerable endpoint

Generated by OpenCVE AI on May 30, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract sensitive database information including usernames, database names, and version details.
Title AiOPMSD Final 1.0.0 SQL Injection via genre.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-30T14:55:23.765Z

Reserved: 2026-05-30T12:48:30.863Z

Link: CVE-2018-25419

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-30T16:17:02.980

Modified: 2026-05-30T16:17:02.980

Link: CVE-2018-25419

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T16:30:27Z

Weaknesses