CVE-2018-25199 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 6, 2026
OOP CMS BLOG - SQL Injection
Published: March 6, 2026 | Updated: March 6, 2026 | Remote Exploitable
Overview
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities caused by unsanitized input in search.php, page.php, and posts.php parameters, letting unauthenticated attackers execute arbitrary SQL queries to extract database information.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary SQL queries to extract sensitive database information, including credentials and schema details.
Mitigation
Update to the latest version with SQL injection patches or apply appropriate input sanitization and parameterized queries.
Details
- CVE ID: CVE-2018-25199
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N