Home / Vulnerability Intelligence / CVE-2018-25173

CVE-2018-25173 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

Rmedia SMS - SQL Injection

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

Rmedia SMS 1.0 contains an sql injection caused by unsanitized gid parameter in editgrp.php, letting unauthenticated attackers extract database information via crafted SQL queries.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information, potentially compromising the entire database.

Mitigation

Update to the latest version of Rmedia SMS or apply patches that sanitize SQL inputs.

References

https://www.exploit-db.com/exploits/45855
https://www.vulncheck.com/advisories/rmedia-sms-sql-injection-via-editgrpphp

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25173
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N