{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/asp.net/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","asp.net"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eASP.NET jVideo Kit 1.0 is susceptible to an SQL injection vulnerability (CVE-2018-25205) affecting its search functionality. This vulnerability enables unauthenticated attackers to inject arbitrary SQL commands by manipulating the \u0026lsquo;query\u0026rsquo; parameter. The attack can be carried out via both GET and POST requests directed towards the \u003ccode\u003e/search\u003c/code\u003e endpoint. Successful exploitation allows attackers to perform boolean-based blind or error-based SQL injection techniques, potentially leading to the extraction of sensitive database information. This vulnerability was published on March 26, 2026. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized access to sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an ASP.NET jVideo Kit 1.0 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to exploit the \u0026lsquo;query\u0026rsquo; parameter in the \u003ccode\u003e/search\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a GET or POST request to the \u003ccode\u003e/search\u003c/code\u003e endpoint with the crafted SQL payload embedded in the \u003ccode\u003equery\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe ASP.NET application fails to properly sanitize the input from the \u003ccode\u003equery\u003c/code\u003e parameter before using it in a database query.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL payload is executed against the database.\u003c/li\u003e\n\u003cli\u003eDepending on the SQL injection technique (boolean-based blind, error-based), the attacker infers information about the database structure and data.\u003c/li\u003e\n\u003cli\u003eThe attacker refines the SQL payloads to extract sensitive data, such as usernames, passwords, or other confidential information.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates the extracted data for malicious purposes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25205) allows unauthenticated attackers to extract sensitive information from the affected ASP.NET jVideo Kit 1.0 database. The number of affected installations is unknown, but the vulnerability could lead to data breaches, compromise of user accounts, and potential reputational damage to organizations using the vulnerable software. The affected software is a video sharing script, making content websites a key target.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates for ASP.NET jVideo Kit 1.0 to address CVE-2018-25205.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent SQL injection attacks against the \u003ccode\u003e/search\u003c/code\u003e endpoint, focusing on the \u0026lsquo;query\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect exploitation attempts targeting the \u003ccode\u003e/search\u003c/code\u003e endpoint with potentially malicious SQL queries.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T12:16:05Z","date_published":"2026-03-26T12:16:05Z","id":"/briefs/2026-03-jvideo-sql-injection/","summary":"ASP.NET jVideo Kit 1.0 is vulnerable to SQL injection via the 'query' parameter in the search functionality, allowing unauthenticated attackers to inject malicious SQL payloads to extract sensitive database information.","title":"ASP.NET jVideo Kit 1.0 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-jvideo-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Asp.net","version":"https://jsonfeed.org/version/1.1"}