CVE-2018-25209
OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
CVSS Score
8.2
EPSS Score
0.2%
EPSS Percentile
38th
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.
| CWE | CWE-89 |
| Vendor | sourceforge |
| Product | openbiz cubi lite |
| Published | Mar 26, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for sourceforge openbiz cubi lite
Be the first to know when new high vulnerabilities affecting sourceforge openbiz cubi lite are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Sourceforge / OpenBiz Cubi Lite
v3.0.8
References
exploit-db.com: https://www.exploit-db.com/exploits/45801 sourceforge.net: https://sourceforge.net/projects/bigchef/ sourceforge.net: https://sourceforge.net/projects/bigchef/files/latest/download vulncheck.com: https://www.vulncheck.com/advisories/openbiz-cubi-lite-sql-injection-via-username-parameter
Credits
Özkan Mustafa Akkuş (AkkuS)