{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25205", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T11:33:20.750Z", "datePublished": "2026-03-26T11:39:52.323Z", "dateUpdated": "2026-03-26T13:37:09.410Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T11:39:52.323Z"}, "datePublic": "2018-05-23T00:00:00.000Z", "title": "ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter", "descriptions": [{"lang": "en", "value": "ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Mediasoftpro", "product": "ASP.NET jVideo Kit", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/44739", "name": "ExploitDB-44739", "tags": ["exploit"]}, {"url": "https://www.mediasoftpro.com/video-sharing-script/mvc/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter"}], "credits": [{"lang": "en", "value": "\u00d6zkan Mustafa Akku\u015f (AkkuS)", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:37:00.194929Z", "id": "CVE-2018-25205", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:37:09.410Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25205", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T13:37:00.194929Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:37:05.243Z"}}], "cna": {"title": "ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter", "credits": [{"lang": "en", "type": "finder", "value": "\u00d6zkan Mustafa Akku\u015f (AkkuS)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Mediasoftpro", "product": "ASP.NET jVideo Kit", "versions": [{"status": "affected", "version": "1.0"}]}], "datePublic": "2018-05-23T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/44739", "name": "ExploitDB-44739", "tags": ["exploit"]}, {"url": "https://www.mediasoftpro.com/video-sharing-script/mvc/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter", "name": "VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T11:39:52.323Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25205", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:37:09.410Z", "dateReserved": "2026-03-26T11:33:20.750Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T11:39:52.323Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques."}], "id": "CVE-2018-25205", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-26T12:16:05.447", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/44739"}, {"source": "disclosure@vulncheck.com", "url": "https://www.mediasoftpro.com/video-sharing-script/mvc/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ASP.NET jVideo Kit", "source": "cna", "vendor": "Mediasoftpro"}, "product": "asp.net_jvideo_kit", "vendor": "mediasoftpro"}], "analysis": {"en": {"generated_at": "2026-03-26T13:22:51.682530+00:00", "value": {"mitigation_remediation": ["Verify the current version of jVideo Kit. If an updated version that fixes the issue exists, upgrade immediately. If no update is available, restrict access to the /search endpoint to authenticated users only or remove the feature until remediation. Implement a web application firewall rule to block suspicious SQL injection patterns targeting the 'query' parameter. Sanitize all user input on the server side and use parameterised queries to prevent future injection attempts."], "summary": {"action": "Immediate Patch", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "This flaw affects the Mediasoftpro ASP.NET jVideo Kit version 1.0. The product is used for video sharing and includes a search feature that directly reflects user input to the database query. No other versions are mentioned as affected; therefore version 1.0 is considered fully vulnerable.", "description_and_impact": "The vulnerability is an SQL injection that allows an attacker to inject arbitrary SQL through the 'query' parameter in the search functionality. Because the application does not properly sanitise or parameterise user input, an unauthenticated user can submit multiple GET or POST requests to the /search endpoint and retrieve hidden data. The impact is the unprivileged ability to read sensitive database tables and potentially other confidential information, thereby compromising data confidentiality.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity, reflecting the remote, unauthenticated nature of the attack and the high potential impact on confidentiality. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests limited, but still significant exposure. Attackers can exploit the flaw over standard HTTP(s) traffic, with no special privileges required, making it possible for anyone with internet access to compromise the database."}}}}, "created": "2026-03-26T13:54:44.708599+00:00", "updated": "2026-03-27T08:36:05.739843+00:00", "vendors": ["mediasoftpro", "mediasoftpro$PRODUCT$asp.net_jvideo_kit"]}