CVE-2019-25704

HIGH

Kados R10 GreenBee SQL Injection via filter_user_mail

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25704. PoCs published by Mehmet EMIROGLU.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection vulnerabilities in Kados R10 GreenBee, targeting parameters like 'menu_lev1', 'mng_profile_id', and 'id_to_modify'. It includes specific attack patterns and GET request examples to exploit these vulnerabilities.

Description

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.

Exploits (1)

exploitdb WORKING POC
by Mehmet EMIROGLU · textwebappsphp
https://www.exploit-db.com/exploits/46505

The exploit demonstrates multiple SQL injection vulnerabilities in Kados R10 GreenBee, targeting parameters like 'menu_lev1', 'mng_profile_id', and 'id_to_modify'. It includes specific attack patterns and GET request examples to exploit these vulnerabilities.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Kados R10 GreenBee
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-46505
https://www.exploit-db.com/exploits/46505
Product product
Official Product Homepage
https://www.kados.info/
Product product
Product Reference
https://sourceforge.net/projects/kados/
Third Party Advisory third-party-advisory
VulnCheck Advisory: Kados R10 GreenBee SQL Injection via filter_user_mail
https://www.vulncheck.com/advisories/kados-r10-greenbee-sql-injection-via-filter-user-mail

Scores

CVSS v3 8.2
EPSS 0.0031
EPSS Percentile 22.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Kados/Kados R10 GreenBee R10 GreenBee
marmotech/kados r10_greenbee
Published Apr 05, 2026
Tracked Since Apr 06, 2026