← Back
2026-03-26 11:39CVE-2018-25205VulnCheck
PUBLISHED5.2CWE-89

ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.

Problem type

Affected products

Mediasoftpro

ASP.NET jVideo Kit

1.0 - AFFECTED

References

ExploitDB-44739

https://www.exploit-db.com/exploits/44739

exploit
Official Product Homepage

https://www.mediasoftpro.com/video-sharing-script/mvc/

product
VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter

https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter

third-party-advisory

GitHub Security Advisories

GHSA-r2q5-8xjm-cgh8

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated...

https://github.com/advisories/GHSA-r2q5-8xjm-cgh8

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2018-25205

exploit-db.com

https://www.exploit-db.com/exploits/44739

mediasoftpro.com

https://www.mediasoftpro.com/video-sharing-script/mvc

vulncheck.com

https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter

github.com

https://github.com/advisories/GHSA-r2q5-8xjm-cgh8

JSON source

https://cveawg.mitre.org/api/cve/CVE-2018-25205
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2018-25205",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-03-26T13:37:09.410Z",
    "dateReserved": "2026-03-26T11:33:20.750Z",
    "datePublished": "2026-03-26T11:39:52.323Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-03-26T11:39:52.323Z"
      },
      "datePublic": "2018-05-23T00:00:00.000Z",
      "title": "ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter",
      "descriptions": [
        {
          "lang": "en",
          "value": "ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques."
        }
      ],
      "affected": [
        {
          "vendor": "Mediasoftpro",
          "product": "ASP.NET jVideo Kit",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/44739",
          "name": "ExploitDB-44739",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.mediasoftpro.com/video-sharing-script/mvc/",
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter",
          "name": "VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Özkan Mustafa Akkuş (AkkuS)",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T13:37:09.410Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}