Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026
OOP CMS BLOG 1.0 SQL Injection via search parameter
CVE-2018-25199
Description
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- Range: 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/45799mitreexploit
- www.vulncheck.com/advisories/oop-cms-blog-sql-injection-via-search-parametermitrethird-party-advisory
News mentions
0No linked articles in our index yet.