HIGH
M-Gb
CVE published 2026-05-30
CVE-2018-25411
MGB OpenSource Guestbook 0.7.0.2 contains an unauthenticated SQL injection vulnerability in the email.php endpoint. The 'id' parameter fails to properly sanitize user input, allowing remote attackers to inject arbitrary SQL queries via crafted GET requests. Successful exploitation can lead to extraction of sensitive database metadata including table and column names. The vulnerability is network-exploitab [truncated]