{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:56:20.468","vulnerabilities":[{"cve":{"id":"CVE-2025-10878","sourceIdentifier":"cve@mitre.org","published":"2026-02-03T20:15:55.837","lastModified":"2026-02-12T17:37:05.497","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation)."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL existe en la funcionalidad de inicio de sesión de Fikir Odalari AdminPando 1.0.1 anterior al 26-01-2026. Los parámetros de nombre de usuario y contraseña son vulnerables a inyección SQL, permitiendo a atacantes no autenticados eludir la autenticación completamente. \nLa explotación exitosa otorga acceso administrativo completo a la aplicación, incluyendo la capacidad de manipular el contenido del sitio web de cara al público (manipulación de HTML/DOM)."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omran:fikir_odalari_adminpando:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.1","matchCriteriaId":"1F7CF5D3-84FB-4FD9-AB76-8A1CBAF34443"}]}]}],"references":[{"url":"https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}