Primary

Context

OpenBiz Cubi Lite SQL Injection Vulnerability in Login Form

Vulnerability

A SQL injection vulnerability has been identified in OpenBiz Cubi Lite version 3.0.8. The issue resides in the login form, where unauthenticated attackers can manipulate database queries by injecting malicious SQL code through the username parameter. Exploitation of this vulnerability allows attackers to extract sensitive information from the database or bypass authentication altogether.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of database information. Additionally, it could allow attackers to bypass authentication processes.

Reproduction

To reproduce this vulnerability, send a POST request to '/bin/controller.php' with the 'username' parameter containing the injected SQL payload. The injection can be crafted to exploit time-based blind SQL injection techniques, such as using 'SLEEP' commands to verify the injection's success.

Added: Mar 26, 2026, 12:28 PM

Updated: Mar 26, 2026, 12:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

4.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

4.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenBiz Cubi Lite SQL Injection Vulnerability in Login Form

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating