CVE-2018-25199

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OOP CMS BLOG version 1.0

Description The software contains SQL injection flaws that permit unauthenticated attackers to execute arbitrary SQL queries through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, the pageid parameter in page.php, and the id parameter in posts.php to extract database information, including table names, schema names, and database credentials.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-25199

Affected Products

Oop Cms Blog

CVE-2018-25199

Weakness Enumeration

Related Identifiers

Affected Products

References · 6