CVE-2018-25425

HIGH

Yot CMS 3.3.1 - SQL Injection via aid and cid Parameters

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25425. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Yot CMS 3.3.1 via the 'aid' and 'cid' parameters. It uses a UNION-based SQLi technique to extract database schema information, including table and column names, from the target system.

Description

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45768

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Yot CMS 3.3.1 via the 'aid' and 'cid' parameters. It uses a UNION-based SQLi technique to extract database schema information, including table and column names, from the target system.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Yot CMS 3.3.1

No auth needed

Prerequisites: Target system running Yot CMS 3.3.1 · Access to the vulnerable endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed May 30, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45768

https://www.exploit-db.com/exploits/45768

Product product

Official Product Homepage

https://yot.sourceforge.io/

Product product

Product Reference

https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters

Scores

CVSS v3 8.2

EPSS 0.0027

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Yot/Yot CMS 3.3.1

Published May 30, 2026

Tracked Since May 30, 2026