216.73.217.64

CVE-2018-25199

· Published 06/03/2026 13:16 · Modified 06/03/2026 13:16

Labels: CVE-2018-25199 2026-03-06CVE-2018-25199CWE-89[email protected]

Essential information

Published
06/03/2026 13:16
Modified
06/03/2026 13:16
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oop / cms blog cpe:2.3:a:oop:cms_blog:1.0:*:*:*:*:*:*:*

References