CVE-2018-25425
Description
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Yot CMS 3.3.1 is vulnerable to unauthenticated SQL injection via the aid and cid parameters, allowing attackers to extract sensitive database content.
Vulnerability
Yot CMS 3.3.1 and earlier versions are affected by an SQL injection vulnerability (CWE-89) in the index.php script. The aid and cid GET parameters are not properly sanitized before being used in SQL queries, allowing unauthenticated attackers to inject arbitrary SQL commands. The vulnerability is present in the default installation with no special configuration required [1][2].
Exploitation
An attacker can exploit this vulnerability by sending crafted GET requests to index.php with malicious SQL payloads in the aid or cid parameters. No authentication or user interaction is required, and the attack can be performed remotely over the network. The SQL injection is blind or error-based, depending on the database configuration, and attackers can use standard SQL injection techniques to enumerate the database schema [2].
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary SQL queries, leading to the extraction of sensitive information from the database, including table names, column names, and stored data. The confidentiality impact is high, while the integrity impact is low (limited to database manipulation). The scope does not change, meaning the attacker gains access to data within the vulnerable CMS database [2].
Mitigation
No official patch has been released as of the publication date. The vendor website (SourceForge) shows no updates beyond version 3.3.1 [1]. Users are advised to upgrade to a patched version if one becomes available, or to implement a web application firewall (WAF) rule to block malicious payloads in the aid and cid parameters. If the CMS is no longer maintained, migrating to an alternative, actively supported CMS should be considered. The vulnerability is not listed on the CISA KEV as of now [2].
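The filtering idea in the mitigation above can also be applied to existing access logs to spot probing of these two parameters. The following is an added example, not code from the advisory or from the Yot CMS project: it flags requests to index.php whose aid or cid value is not a plain decimal identifier. The numeric-id format, the combined log layout and the directory-index handling are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption (not stated on the page): legitimate aid/cid values are plain
# decimal identifiers, so any other value is reported for review.
WATCHED_PARAMS = ("aid", "cid")
NUMERIC_ID = re.compile(r"[0-9]{1,10}")

# Request part of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def suspicious_params(target):
    """Return (name, decoded value) pairs for aid/cid values that are not numeric ids."""
    parts = urlsplit(target)
    # Assumption: a path ending in "/" is served by index.php as directory index.
    if not parts.path.endswith(("index.php", "/")):
        return []
    # parse_qs percent-decodes values; keep_blank_values so "aid=" is inspected too.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((name, value))
    return hits


def scan_log(lines):
    """Return (client address, name, value) for every flagged request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        client = line.split(" ", 1)[0]
        for name, value in suspicious_params(match.group("target")):
            findings.append((client, name, value))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /index.php?aid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /index.php?aid=12%27 HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /index.php?cid=3%20AND%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2026:10:00:12 +0000] "GET /about.php?aid=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same allowlist (digits only for aid and cid) is the shape a WAF rule would take; it only covers GET query strings, which is the vector the description names.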
AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1
Patches
0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4
News mentions
0
No linked articles in our index yet.