CVE-2018-25199

HIGH

OOP CMS BLOG 1.0 - SQL Injection

Title source: llm

Description

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45799

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/45799

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/oop-cms-blog-sql-injection-via-search-parameter

Scores

CVSS v3 8.2

EPSS 0.0023

EPSS Percentile 45.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

tomalofficial/php_oop_cms_blog 1.0

Published Mar 06, 2026

Tracked Since Mar 06, 2026