CVE-2018-18762

MEDIUM

SaltOS 3.1 r8126 - Unauthenticated Database Download

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18762. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in SaltOS ERP/CRM 3.1 r8126, allowing unauthenticated download of the SQLite database file (`saltos.db`) via a direct HTTP request. The PoC includes a PHP script to query and display user credentials from the database.

Description

SaltOS 3.1 r8126 contains a database download vulnerability.

Exploits (1)

exploitdb · WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/45734


Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SaltOS ERP/CRM 3.1 r8126
No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45734/

Scores

CVSS v3: 6.5
EPSS: 0.0619
EPSS Percentile: 92.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): saltos/saltos 3.1
Published: Mar 21, 2019
Tracked Since: Feb 18, 2026