Home / Vulnerability Intelligence / CVE-2019-25694

CVE-2019-25694 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: April 5, 2026

Kados R10 GreenBee - SQL Injection

Published: April 5, 2026Updated: April 5, 2026Remote Exploitable

Overview

Kados R10 GreenBee contains an sql injection caused by unsanitized user2reset parameter, letting unauthenticated attackers extract or modify database information remotely, exploit requires crafted requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract or modify sensitive database information, potentially compromising the entire database.

Mitigation

Update to the latest version of Kados R10 GreenBee.

References

https://www.vulncheck.com/advisories/kados-r10-greenbee-sql-injection-via-user2reset
https://sourceforge.net/projects/kados/
https://www.exploit-db.com/exploits/46505
https://www.kados.info/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25694
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N