High severity7.1NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25392
CVE-2018-25392
Description
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 8.x-9.x
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.