CVE-2018-25176 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 6, 2026
Alive Parish - SQL Injection & Unrestricted File Upload
Published: March 6, 2026 | Updated: March 6, 2026 | Remote Exploitable
Overview
Alive Parish 2.0.4 contains an SQL injection caused by unsanitized input in the key parameter of the search endpoint, letting unauthenticated attackers execute arbitrary SQL queries. It also contains an unrestricted file upload vulnerability in the person photo upload functionality, allowing remote code execution.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary SQL queries and upload files for remote code execution, potentially compromising the entire system.
Mitigation
Update to the latest version that addresses these vulnerabilities.
Details
- CVE ID: CVE-2018-25176
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N