CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/30 2:55 p.m.•7 views

EUVD-2018-21947

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

8.8CVSS6.2AI score0.0027EPSS

Cvelist•added 2026/05/30 2:55 p.m.•27 views

CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

CVE•added 2026/05/30 2:55 p.m.•16 views

CVE-2018-25424

The provided documents confirm a SQL injection vulnerability in Gate Pass Management System 2.1 affecting the login-exec.php authentication flow. Attackers can bypass authentication by submitting crafted POST requests with SQL payloads in the login and password parameters, enabling unauthenticate...

8.8CVSS5.9AI score0.0032EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS

Cvelist•added 2026/05/30 2:55 p.m.•27 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

8.8CVSS0.0032EPSS

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25422 MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00262EPSS

Exploits0References3

ATTACKERKB•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25422

8.8CVSS6.1AI score0.00262EPSS

Exploits0References3

Cvelist•added 2026/05/30 2:55 p.m.•28 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

ATTACKERKB•added 2026/05/30 2:55 p.m.•6 views

CVE-2018-25420

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

CVE•added 2026/05/30 2:55 p.m.•16 views

CVE-2018-25419

AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

Cvelist•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

Cvelist•added 2026/05/30 2:55 p.m.•31 views

CVE-2018-25418 AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS0.00276EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25418

8.8CVSS6.1AI score0.00276EPSS

CVE•added 2026/05/30 2:55 p.m.•18 views

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability via the quality parameter in quality.php. Unauthenticated attackers can send crafted SQL payloads to extract sensitive data (usernames, database names, version details). CVSS metrics indicate high severity (CVSS 3.1: 8.2; CVSS 4.0: 8.8)....

Cvelist•added 2026/05/30 2:55 p.m.•29 views

CVE-2018-25417 AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

ATTACKERKB•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25417

CVE•added 2026/05/30 2:55 p.m.•17 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in actor.php that can be exploited by unauthenticated attackers via the actor parameter. The vulnerability is triggered by crafted SQL payloads in GET requests to actor.php, allowing extraction of sensitive database information such as u...