CVE-2018-25257

HIGH

Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25257. PoCs published by Joner de Mello Assolin.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Adianti Framework versions 5.5.0 and 5.6.0, allowing an attacker to modify user profiles and escalate privileges to administrator by injecting malicious SQL into the profile edit form.

Description

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.

Exploits (1)

exploitdb WORKING POC

by Joner de Mello Assolin · textwebappsphp

https://www.exploit-db.com/exploits/46217

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Adianti Framework versions 5.5.0 and 5.6.0, allowing an attacker to modify user profiles and escalate privileges to administrator by injecting malicious SQL into the profile edit form.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Adianti Framework 5.5.0 and 5.6.0

Auth required

Prerequisites: Access to a user account (can be a standard user) · Access to the profile edit page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 12, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit

ExploitDB-46217

https://www.exploit-db.com/exploits/46217

Third Party Advisory third-party-advisory

VulnCheck Advisory: Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

https://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile

Scores

CVSS v3 7.1

EPSS 0.0019

EPSS Percentile 9.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

adianti/Adianti Framework 5.5.0

Published Apr 12, 2026

Tracked Since Apr 12, 2026