ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the…

CVE-2018-25205 is an SQL injection vulnerability in ASP.NET jVideo Kit 1.0 that allows unauthenticated attackers to inject malicious SQL commands through the 'query' parameter in the search functionality. Attackers can exploit this vulnerability by sending crafted GET or POST requests to the /search endpoint. The vulnerability enables extraction of sensitive database information using boolean-based blind or error-based SQL injection techniques. This represents a critical security flaw as it requires no authentication and can lead to complete database compromise. The vulnerability affects the video sharing application and has publicly available exploit code.