CVE-2018-25257

HIGH

Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Title source: cna

Description

Adianti Framework 5.5.0 and 5.6.0 contain an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements to the profile edit endpoint to modify user credentials and gain administrative access.

Exploits (1)

exploitdb WORKING POC
by Joner de Mello Assolin · text · webapps · php
https://www.exploit-db.com/exploits/46217

References (2)

Core References
Exploit
ExploitDB-46217
https://www.exploit-db.com/exploits/46217
Third Party Advisory
VulnCheck Advisory: Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
https://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile

Scores

CVSS v3 7.1
EPSS 0.0003
EPSS Percentile 8.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
adianti/Adianti Framework 5.5.0
Published Apr 12, 2026
Tracked Since Apr 12, 2026