Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Silurus Classifieds Script 2.0: Malicious Code Execution via Malicious ID Parameter
CVE-2018-25182
Summary
An attacker can access sensitive information and potentially take control of your website by sending a specifically crafted URL to Silurus Classifieds Script 2.0. This is a serious issue because it allows unauthorized access to your database. You should update Silurus Classifieds Script 2.0 to a secure version or replace it with a new script as soon as possible.
Original title
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. A...
Original description
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026