VYPR
Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 26, 2026

OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter

CVE-2018-25209

Description

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: 3.0.8
  • Sourceforge/OpenBiz Cubi Litev5
    Range: v3.0.8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.