CVE-2018-25205

HIGH

ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter

Title source: cna

Description

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsasp

https://www.exploit-db.com/exploits/44739

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44739

https://www.exploit-db.com/exploits/44739

Product product

Official Product Homepage

https://www.mediasoftpro.com/video-sharing-script/mvc/

Third Party Advisory third-party-advisory

VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter

https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter

Scores

CVSS v3 8.2

EPSS 0.0012

EPSS Percentile 31.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Mediasoftpro/ASP.NET jVideo Kit 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026