High severity8.2NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25399
CVE-2018-25399
Description
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =3.30A
Patches
Vulnerability mechanics
References
4News mentions
1- Open ISES Tickets: Eight Unauthenticated High-Severity Bugs Disclosed in a Single BatchVypr Intelligence · May 30, 2026