top of page
perceptive_background_267k.jpg

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code th…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 17:11:09

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

Kados R10 GreenBee contains a critical SQL injection vulnerability in the feature_id parameter of boards_buttons/update_feature.php. Unauthenticated attackers can exploit this vulnerability to execute arbitrary SQL queries through crafted GET requests with UNION-based payloads. The vulnerability exists because user input is concatenated directly into SQL statements without proper sanitization. Attackers can extract sensitive database information including current user credentials, database names, and DBMS version information. This represents a significant security risk for systems running the affected Kados R10 GreenBee software.

Technical details

Mitigation steps:

Affected products:

Kados R10 GreenBee

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25395
https://sourceforge.net/projects/kados/
https://www.exploit-db.com/exploits/45617
https://www.kados.info/
https://www.vulncheck.com/advisories/kados-r10-greenbee-sql-injection-via-update-feature-php

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page