CVE-2018-25395 documents an unauthenticated SQL injection vulnerability in Kados R10 GreenBee, a project management application. The flaw exists in the `feature_id` parameter of `boards_buttons/update_feature.php`, where user-supplied input is concatenated directly into SQL statements without sanitization. Attackers can exploit this via crafted GET requests using UNION-based payloads to extract sensitive [truncated]
CVE-2018-25394 documents an unauthenticated SQL injection vulnerability in Kados R10 GreenBee, a project management application. The flaw exists in the `release_id` parameter of `boards_buttons/update_release.php`, where user-supplied input is concatenated directly into SQL statements without sanitization. Attackers can exploit this via crafted GET requests using UNION-based payloads to extract sensitive [truncated]
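A defender-side check for both entries above, as an added example that is not code from Kados or from the advisories: it scans web access log lines for requests to the two named endpoints whose `feature_id` or `release_id` value is not a plain integer. The numeric-id rule, the combined log format, the `/kados/` install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint -> parameter named in CVE-2018-25395 / CVE-2018-25394.
WATCHED = {
    "boards_buttons/update_feature.php": "feature_id",
    "boards_buttons/update_release.php": "release_id",
}
# Assumption: legitimate ids are plain decimal integers.
NUMERIC = re.compile(r"[0-9]+")
# SQL tokens typical of UNION-based extraction; used only to raise severity.
SQL_HINT = re.compile(r"\b(union|select)\b|--|/\*|'", re.I)
# Request portion of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def inspect_line(line):
    """Return (endpoint, param, value, severity) for a suspicious line, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    for endpoint, param in WATCHED.items():
        if not url.path.endswith("/" + endpoint):
            continue
        # parse_qs percent-decodes values; keep_blank_values catches "feature_id=".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if NUMERIC.fullmatch(value):
                continue
            severity = "high" if SQL_HINT.search(value) else "medium"
            return endpoint, param, value, severity
    return None


def scan(lines):
    """Collect findings for every suspicious line in an iterable of log lines."""
    return [hit for hit in map(inspect_line, lines) if hit]


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /kados/boards_buttons/update_feature.php?feature_id=42 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2019:10:00:05 +0000] "GET /kados/boards_buttons/update_feature.php?feature_id=42%20UNION%20SELECT%20NULL HTTP/1.1" 200 2048',
    '192.0.2.77 - - [01/Jan/2019:10:00:09 +0000] "GET /kados/boards_buttons/update_release.php?release_id=abc HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2019:10:00:12 +0000] "GET /kados/index.php?feature_id=x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because both endpoints are reachable without authentication, any non-numeric hit is worth reviewing regardless of the session state recorded alongside it.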