High severity8.2NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25398
CVE-2018-25398
Description
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 3.30A
Patches
Vulnerability mechanics
References
4News mentions
1- Open ISES Tickets: Eight Unauthenticated High-Severity Bugs Disclosed in a Single BatchVypr Intelligence · May 30, 2026