CVE-2018-18982
Description
In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NUUO CMS versions 3.3 and prior are vulnerable to SQL injection allowing remote code execution via the alarm query functionality.
Vulnerability
NUUO CMS versions 3.3 and prior contain a SQL injection vulnerability in the web server application. The application fails to properly sanitize user input when querying alarm states, allowing an attacker to inject arbitrary SQL characters into executing statements [1][2].
Exploitation
An attacker must have network access to the NUUO CMS server and must either hold valid credentials (including default credentials) or be able to obtain an active session ID through session prediction. The exploit takes advantage of the alarm query functionality and can be executed via the Metasploit framework [2]. The attacker then injects SQL payloads to enable xp_cmdshell and achieve command execution.
Impact
Successful exploitation results in arbitrary remote code execution under the context of the SQL Server service (default installation uses SQL Server 2005 Express). This allows the attacker to execute operating system commands, leading to full compromise of the CMS server (confidentiality, integrity, availability) [1][2].
Mitigation
The ICS-CERT advisory (ICSA-18-284-02) recommends updating to the latest version of NUUO CMS; however, no specific fixed version is disclosed in the available references. Users should contact the vendor for patched software. Disabling the alarm query functionality or restricting network access may reduce risk.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.3
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.exploit-db.com/exploits/46449/ (mitre, exploit, x_refsource_EXPLOIT-DB)
- ics-cert.us-cert.gov/advisories/ICSA-18-284-02 (mitre, x_refsource_MISC)