CVE-2018-25417: SQL Injection in AiOPMSD Final 1.0.0 – Unauthenticated Database Access
AiOPMSD Final 1.0.0 contains an unauthenticated SQL injection flaw in the quality.php endpoint. An attacker can craft a malicious GET request with a SQL payload in the quality parameter to run arbitrary SQL commands against the backend database, potentially exposing usernames, database identifiers, and version information without requiring any authentication or user interaction.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-89
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extract sensitive database information including usernames, database names, and version details.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
This is a classic SQL injection vulnerability (CWE-89) affecting AiOPMSD Final version 1.0.0. The application fails to sanitize or parameterize the 'quality' GET parameter before passing it to a SQL query. An unauthenticated network attacker can send specially crafted requests to quality.php that inject SQL syntax—such as UNION SELECT, OR conditions, or comment sequences—to bypass query logic and extract arbitrary data from the database. The vulnerability exists in a parameter that likely lacks input validation, type checking, or prepared statement usage.
Business impact
Successful exploitation enables unauthorized access to sensitive database contents, including user credentials, internal system identifiers, and database version information. This creates immediate risk of account takeover, privilege escalation, and further lateral movement within the application or infrastructure. Data exfiltration can trigger regulatory compliance violations (GDPR, HIPAA, PCI-DSS depending on data classification) and reputational damage. The unauthenticated nature of the attack means no insider access or stolen credentials are required—any internet-facing deployment is immediately at risk.
Affected systems
AiOPMSD Final version 1.0.0 is confirmed vulnerable. The quality.php endpoint and the quality GET parameter are the primary attack surface. Any deployment of this version, particularly internet-facing or accessible from untrusted networks, should be considered exposed. Organizations must inventory all instances of AiOPMSD Final 1.0.0 in their environment, including development, test, and production systems.
Exploitability
Exploitability is very high. The attack requires no authentication, no special privileges, and no user interaction. It can be executed via simple HTTP GET requests from any network-connected system. Automated scanning and exploitation tools can trivially identify and abuse this vulnerability at scale. The low attack complexity and high impact make this a critical priority for rapid remediation.
Remediation
Immediate actions: Take any internet-facing AiOPMSD Final 1.0.0 deployments offline or restrict network access to trusted sources only via firewall or network segmentation. Contact the AiOPMSD vendor to obtain a patched version or security advisory. Implement input validation and SQL injection protections at the application layer. Consider using parameterized queries (prepared statements) for all database operations. Audit database access logs for evidence of exploitation attempts or successful data extraction.
Patch guidance
Check the vendor's official advisory and support channels for a patched version of AiOPMSD that addresses this SQL injection flaw. Verify patch availability and compatibility with your deployed version before applying updates. If no patch is publicly available, maintain strict network controls and consider architectural changes such as deploying a Web Application Firewall (WAF) with SQL injection detection rules while awaiting an official fix.
Detection guidance
Monitor quality.php endpoints for GET requests containing suspicious SQL syntax patterns such as single quotes, SQL keywords (UNION, SELECT, OR, AND, COMMENT sequences like -- or /*), and URL-encoded variants (%27, %2D%2D). Implement query logging on the backend database to capture and alert on unusual SQL patterns. Review web application firewall (WAF) logs for SQL injection signature matches. Search historical logs for requests to quality.php with special characters or SQL keywords to identify potential past exploitation.
Why prioritize this
This vulnerability scores 8.2 (HIGH) due to the combination of complete lack of authentication requirements, network accessibility, high confidentiality impact from database information disclosure, and low attack complexity. The CWE-89 SQL injection classification reflects a well-understood, easily exploitable flaw. Immediate patching or mitigation is essential to prevent data compromise.
Risk score, explained
CVSS 3.1 score of 8.2 reflects: Attack Vector (Network) — remotely exploitable; Attack Complexity (Low) — no special conditions needed; Privileges Required (None) — unauthenticated access; User Interaction (None) — no victim action required; Confidentiality (High) — sensitive database data is exposed; Integrity (Low) — potential for limited data modification; Availability (None) — no denial-of-service component. This HIGH severity rating justifies emergency response prioritization.
Frequently asked questions
Can this vulnerability be exploited without network access to AiOPMSD?
No. The vulnerability requires network connectivity to the quality.php endpoint. However, if AiOPMSD Final 1.0.0 is internet-facing or accessible from untrusted networks, the barrier to exploitation is effectively zero—no credentials or special access is needed.
What data can an attacker extract using this SQL injection?
The vulnerability allows extraction of any data accessible to the database user account running AiOPMSD, including usernames, database names, version details, and potentially other sensitive records depending on the database schema and permissions. Full database enumeration is possible with standard SQL injection techniques.
Is there a workaround if we cannot immediately patch AiOPMSD?
Temporary workarounds include: restricting network access to quality.php via firewall rules, deploying a WAF with SQL injection filtering, implementing API rate limiting, and moving the application behind a VPN or bastion host. However, these are defensive measures only—patching remains the definitive solution.
How do we know if our AiOPMSD instance has been exploited?
Review web server access logs for unusual GET requests to quality.php with SQL-like syntax, database audit logs for unexpected queries, and file integrity monitoring for unauthorized changes. Conduct a comprehensive database access audit to identify any suspicious data extraction. Engage forensics if evidence of exploitation is found.
This analysis is provided for informational and defensive security purposes. SEC.co does not provide, facilitate, or endorse any offensive use, exploitation, or weaponization of this vulnerability. Organizations are responsible for validating patch compatibility, testing in non-production environments, and ensuring compliance with applicable laws and policies. Vendor advisories and official documentation should be consulted for authoritative guidance. Security professionals should exercise due diligence in all remediation activities. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25382HIGHZechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access
- CVE-2018-25385HIGHUnauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10
- CVE-2018-25386HIGHSQL Injection in HaPe PKH 1.1 Admin Interface
- CVE-2018-25389HIGHSQL Injection in HaPe PKH 1.1 Database Extraction
- CVE-2018-25390HIGHUnauthenticated SQL Injection in HaPe PKH 1.1
- CVE-2018-25392HIGHSQL Injection in MaxOn ERP Software 8.x-9.x
- CVE-2018-25394HIGHSQL Injection in Kados R10 GreenBee Unauthenticated Remote Database Access
- CVE-2018-25395HIGHKados R10 GreenBee SQL Injection Vulnerability – Unauthenticated Database Access