CVE-2018-25187 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: March 6, 2026
Tina4 Stack - SQL Injection & Information Disclosure
Published: March 6, 2026Updated: March 6, 2026Remote Exploitable
Overview
Tina4 Stack 1.0.3 contains SQL injection and unauthorized file access vulnerabilities caused by direct requests to kim.db and SQL injection via the menu endpoint, letting unauthenticated attackers access sensitive data and manipulate queries.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can retrieve sensitive database files and execute SQL injection to manipulate or access user credentials and password hashes.
Mitigation
Update to the latest version of Tina4 Stack.
References
Related Resources
Details
- CVE ID
- CVE-2018-25187
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N