Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.
Published: 2026-04-05
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure / Modification
Action: Immediate Patch
AI Analysis

Impact

The vulnerability permits an attacker to inject arbitrary SQL through the id_to_modify parameter in Kados R10 GreenBee, allowing extraction of sensitive information or modification of database contents. This flaw is a classic SQL injection (CWE-89) that directly compromises the confidentiality and integrity of data stored by the application.

Affected Systems

The affected product is Kados R10 GreenBee from the manufacturer Kados. No specific version information is provided in the available data, and the vulnerability is present in the R10 GreenBee feature set.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. The EPSS score is reported as less than 1%, suggesting a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is via web requests to the vulnerable endpoint carrying a malicious id_to_modify value, executable over the network against an exposed instance of the application.

Generated by OpenCVE AI on April 7, 2026 at 23:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch released by Kados for Kados R10 GreenBee
  • If no patch is available, restrict access to the vulnerable endpoint and enforce strict input validation

Generated by OpenCVE AI on April 7, 2026 at 23:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Marmotech
Marmotech kados
CPEs cpe:2.3:a:marmotech:kados:r10_greenbee:*:*:*:*:*:*:*
Vendors & Products Marmotech
Marmotech kados

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Kados
Kados kados R10 Greenbee
Vendors & Products Kados
Kados kados R10 Greenbee

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.
Title Kados R10 GreenBee SQL Injection via id_to_modify Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Kados Kados R10 Greenbee
Marmotech Kados
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T15:26:36.534Z

Reserved: 2026-04-05T15:33:14.420Z

Link: CVE-2019-25692

cve-icon Vulnrichment

Updated: 2026-04-06T15:22:40.839Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-05T21:16:47.990

Modified: 2026-04-07T16:45:46.560

Link: CVE-2019-25692

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:53:16Z

Weaknesses