CVE-2018-25425

Name of the Vulnerable Software and Affected Versions Yot CMS version 3.3.1

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with crafted payloads in the aid or cid parameters, attackers can extract database information, including table and column names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.