top of page
perceptive_background_267k.jpg

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Att…

Published:

5 maart 2026 om 23:00:00

Alert date:

6 maart 2026 om 14:08:47

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

CVE-2018-25187 affects Tina4 Stack version 1.0.3, containing multiple critical vulnerabilities that allow unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes without authentication. Additionally, SQL code can be injected through the menu endpoint to manipulate database queries. These vulnerabilities provide complete database access to unauthorized users, making them highly critical for affected systems.

Technical details

Mitigation steps:

Affected products:

Tina4 Stack

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25187
https://www.exploit-db.com/exploits/45833
https://www.vulncheck.com/advisories/tina-stack-sql-injection-and-database-file-download

Related CVE's:

Related threat actors:

IOC's:

kim.db

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page