CVE-2018-25199 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code throug…
High CVSS: 8.8

CVE-2018-25199

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
Vendor
Tomalofficial
Product
Php Oop Cms Blog
CWE
CWE-89
Yayın Tarihi
2026-03-06 13:16:03
Güncelleme
2026-03-11 00:37:00
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-89 Php Oop Cms Blog HIGH Tomalofficial 2026

Referanslar

https://www.exploit-db.com/exploits/45799 https://www.vulncheck.com/advisories/oop-cms-blog-sql-injection-via-search-parameter