Home / Vulnerability Intelligence / CVE-2018-25166

CVE-2018-25166 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

Meneame English Pligg - SQL Injection

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

Meneame English Pligg 5.8 contains an sql injection caused by unsanitized input in the search parameter in index.php, letting unauthenticated attackers execute arbitrary SQL queries and extract sensitive database information, exploit requires crafted GET requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can execute arbitrary SQL queries to extract sensitive database information.

Mitigation

Update to the latest version of Meneame English Pligg.

References

https://www.exploit-db.com/exploits/45875
https://www.vulncheck.com/advisories/meneame-english-pligg-sql-injection-via-search-parameter

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25166
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N