CVE-2018-25431
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 7.1 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- CWE: CWE-89
Description
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2018-25431
- [Other] https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master
- [Other] https://github.com/goFrendiAsgard/No-CMS
- [Other] https://www.exploit-db.com/exploits/45903
- [Other] https://www.vulncheck.com/advisories/no-cms-sql-injection-via-order-by-parameter
Related CVEs
Same CWE
- CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12188 — A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12175 — A vulnerability was detected in CodeAstro Student Attendance Management System 1.0 (4.7 MEDIUM)
- CVE-2026-6428 — SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 2... (7.6 HIGH)
- CVE-2026-9848 — The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and i... (7.5 HIGH)