CVE-2018-25209

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published Mar 26, 2026

Vendor unknown

Description

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.

References

https://sourceforge.net/projects/bigchef/
https://sourceforge.net/projects/bigchef/files/latest/download
https://www.exploit-db.com/exploits/45801
https://www.vulncheck.com/advisories/openbiz-cubi-lite-sql-injection-via-username-parameter