CVE-2018-25182

Name of the Vulnerable Software and Affected Versions Silurus Classifieds Script version 2.0

Description The software contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can send GET requests to the wcategory.php endpoint with crafted SQL payloads through the ID parameter to extract database table names and sensitive information.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the wcategory.php script. Sanitize the ID parameter before using it in any database queries.