CVE-2018-25173

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25173

Rmedia SMS 1.0 contains an unauthenticated SQL injection via the gid parameter in editgrp.php. An attacker can issue crafted GET requests using EXTRACTVALUE and CONCAT to retrieve schema names and sensitive database data. The vulnerability’s CVSS scores indicate a high-risk impact (CVSS 3.1: 8.2;...

Rmedia SMS SQL注入漏洞

Rmedia SMS is a SMS gateway system developed by Ananditwiz. Version 1.0 of Rmedia SMS has a SQL injection vulnerability. This vulnerability stems from the gid parameter in the editgrp.php file, which allows for SQL injections, potentially leading to the extraction of database schemas and sensitiv...