SQL Injection in Mediasoftpro Asp.net Jvideo Kit
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or P…
Vulnerability class: SQL Injection
EPSS: 0.001 (32.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Mediasoftpro Asp.net Jvideo Kit — versions 1.0
Weakness classification (CWE)
References
- ExploitDB-44739 (exploit)
- Official Product Homepage (product)
- VulnCheck Advisory: ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter (third-party-advisory)
Frequently asked questions
- What is CVE-2018-25205?
- CVE-2018-25205 is a high-severity vulnerability in Mediasoftpro Asp.net Jvideo Kit, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-03-26.
- How severe is CVE-2018-25205?
- High severity. CVSS v3 base score is 8.2 out of 10.