CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

EUVD•added 2026/05/30 2:55 p.m.•7 views

EUVD-2018-21947

8.8CVSS6.2AI score0.0027EPSS

CVE•added 2026/05/30 2:55 p.m.•16 views

CVE-2018-25424

The provided documents confirm a SQL injection vulnerability in Gate Pass Management System 2.1 affecting the login-exec.php authentication flow. Attackers can bypass authentication by submitting crafted POST requests with SQL payloads in the login and password parameters, enabling unauthenticate...

8.8CVSS5.9AI score0.0032EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS

Cvelist•added 2026/05/30 2:55 p.m.•27 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

8.8CVSS0.0032EPSS

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25422 MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00262EPSS

Exploits0References3

ATTACKERKB•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25422

8.8CVSS6.1AI score0.00262EPSS

Exploits0References3

Cvelist•added 2026/05/30 2:55 p.m.•28 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

ATTACKERKB•added 2026/05/30 2:55 p.m.•6 views

CVE-2018-25420

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

CVE•added 2026/05/30 2:55 p.m.•16 views

CVE-2018-25419

AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....

Cvelist•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

Cvelist•added 2026/05/30 2:55 p.m.•31 views

CVE-2018-25418 AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS0.00276EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25418

8.8CVSS6.1AI score0.00276EPSS

CVE•added 2026/05/30 2:55 p.m.•18 views

CVE-2018-25417

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability via the quality parameter in quality.php. Unauthenticated attackers can send crafted SQL payloads to extract sensitive data (usernames, database names, version details). CVSS metrics indicate high severity (CVSS 3.1: 8.2; CVSS 4.0: 8.8)....

Cvelist•added 2026/05/30 2:55 p.m.•29 views

CVE-2018-25417 AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

ATTACKERKB•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25417

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...