Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026

OOP CMS BLOG 1.0 SQL Injection via search parameter

CVE-2018-25199

Description

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.

Affected products

Zhisheng17/Blogllm-fuzzy
Range: =1.0
Zsoft/Oop CMS Blogv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/45799mitreexploit
www.vulncheck.com/advisories/oop-cms-blog-sql-injection-via-search-parametermitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000