CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25199

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.7%

CVSS Severity

CVSS v3 Score 8.2

References

https://www.exploit-db.com/exploits/45799
https://www.vulncheck.com/advisories/oop-cms-blog-sql-injection-via-search-parameter

Products affected by CVE-2018-25199

Tomalofficial » Php Oop Cms Blog » Version: 1.0

cpe:2.3:a:tomalofficial:php_oop_cms_blog:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25199

Products

Pricing

Contact Us