CVE-2018-25171

High CVSS: 8.8

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database information including schema names, user credentials, and version details.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2026-03-06 13:15:58

Güncelleme

2026-03-09 13:35:34

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 HIGH 2026

Referanslar

https://www.exploit-db.com/exploits/45849 https://www.vulncheck.com/advisories/edtv-sql-injection-via-id-parameter