CVE-2018-25425

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.

Vulnerability Details

Published Date

May 30, 2026

Last Modified

May 30, 2026

CWE ID

CWE-89

Source

NVD

Vendor

Yot

Product

Yot CMS

External References

https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip
https://www.exploit-db.com/exploits/45768
https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters
https://yot.sourceforge.io/

CVE-2018-25425

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment