Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
Published: 2026-04-05
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential data theft or alteration via SQL injection
Action: Apply patch immediately
AI Analysis

Impact

The vulnerability is an SQL injection that allows attackers to inject malicious SQL code through the id_project parameter. This flaw can lead to unauthorized extraction of sensitive database information or modification of existing data, impacting the confidentiality and integrity of the application’s data.

Affected Systems

The affected product is Kados R10 GreenBee. There is no explicit version range in the CNA data, so any deployment of Kados R10 GreenBee is potentially susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, while the EPSS score of less than 1% suggests low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Attackers can exploit it by sending crafted requests to the id_project parameter; no special conditions beyond network access are specified, so the attack vector is likely network-based.

Generated by OpenCVE AI on April 7, 2026 at 22:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade Kados R10 GreenBee to a version that eliminates the id_project injection flaw
  • Restrict access to the application’s interfaces to trusted IP ranges or VPN access
  • Implement strict input validation or use parameterized queries for database interactions
  • Monitor web and database logs for suspicious activity that may indicate exploitation attempts
  • Verify that all public-facing components are up‑to‑date by checking the vendor’s website or security advisories

Generated by OpenCVE AI on April 7, 2026 at 22:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Marmotech
Marmotech kados
CPEs cpe:2.3:a:marmotech:kados:r10_greenbee:*:*:*:*:*:*:*
Vendors & Products Marmotech
Marmotech kados

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Kados
Kados kados R10 Greenbee
Vendors & Products Kados
Kados kados R10 Greenbee

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
Title Kados R10 GreenBee SQL Injection via id_project Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Kados Kados R10 Greenbee
Marmotech Kados
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:15:49.342Z

Reserved: 2026-04-05T15:37:47.839Z

Link: CVE-2019-25702

cve-icon Vulnrichment

Updated: 2026-04-06T18:15:42.666Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-05T21:16:48.810

Modified: 2026-04-07T19:37:03.580

Link: CVE-2019-25702

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:53:10Z

Weaknesses