These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
AiOPMSD Final 1.0.0 contains an unauthenticated SQL injection vulnerability in the watch.php endpoint. User input supplied in the 'id' parameter is not properly sanitized, allowing remote attackers to inject arbitrary SQL commands via crafted GET requests. Successful exploitation can lead to extraction of sensitive database information including usernames, database names, and version details. The vulnerability is ra [truncated]
CVE-2018-25418 documents an unauthenticated SQL injection vulnerability in AiOPMSD Final 1.0.0. The flaw resides in the year.php endpoint, where user-supplied input in the year parameter is not properly sanitized before being incorporated into SQL queries. An unauthenticated remote attacker can exploit this weakness by sending crafted GET requests containing malicious SQL payloads to extract sensitive databas [truncated]
CVE-2018-25417 documents an unauthenticated SQL injection vulnerability in AiOPMSD Final 1.0.0, a project distributed via SourceForge. The flaw resides in quality.php, where user input in the quality parameter is not sanitized before being incorporated into SQL queries. Attackers can exploit this via crafted GET requests to execute arbitrary SQL, enabling extraction of sensitive database metadata including us [truncated]
AiOPMSD Final 1.0.0 contains an unauthenticated SQL injection vulnerability in the country parameter of country.php. The vulnerability allows remote attackers to execute arbitrary SQL queries via crafted GET requests, potentially exposing sensitive database information including usernames, database names, and version details. The CVSS 4.0 vector indicates network attack vector with low attack complexity, [truncated]
CVE-2018-25415 documents an unauthenticated SQL injection vulnerability in AiOPMSD Final 1.0.0. The flaw resides in the `director` parameter of `director.php`, where attacker-controlled input is incorporated directly into SQL queries without adequate sanitization. An unauthenticated remote attacker can exploit this by sending a crafted GET request to `director.php` with a malicious SQL payload in the `dir [truncated]
CVE-2018-25414 documents an unauthenticated SQL injection vulnerability in AiOPMSD Final 1.0.0, a PHP-based application distributed via SourceForge. The flaw resides in actor.php, where the actor parameter is passed directly into SQL queries without proper sanitization or parameterization. An unauthenticated remote attacker can send crafted GET requests to this endpoint to execute arbitrary SQL, enabling [truncated]
AiOPMSD Final 1.0.0 contains an unauthenticated SQL injection vulnerability in the search.php endpoint. User input supplied in the 'q' parameter is not properly sanitized, allowing remote attackers to inject arbitrary SQL commands via crafted GET requests. This vulnerability enables extraction of sensitive database information including usernames, database names, and version details without authentication. The CVSS [truncated]