Back to CVE List

CVE-2018-25199

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Vulnerability Description

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
Zsoft
Product
OOP CMS BLOG

External References

Discussion (0)

Add Comment

No comments yet. Be the first!