CVE-2018-25199
HIGH
8.2
Our Analysis: esv
Our model has classified this vulnerability as relevant to esv Systems, helping your team prioritize efforts effectively.
Published Date
March 6, 2026
Last Modified
March 6, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Description
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.