8.8

OOP CMS BLOG 1.0 Allows Unauthenticated SQL Query Execution

CVE-2018-25199
Summary

An unauthenticated attacker can exploit SQL injection vulnerabilities in OOP CMS BLOG 1.0 to extract sensitive database information. The injection points are the search parameter in search.php, the pageid parameter in page.php, and the id parameter in posts.php. To protect yourself, update to a patched version of the software or consider replacing it with a more secure alternative.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tomalofficial | php_oop_cms_blog | 1.0 | – |
Original title
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can ...
Original description
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
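
With no fix available, one defensive step is to review web server access logs for requests to the three scripts named in the description. The following is an added example, not code from the vendor or from this advisory; it assumes the parameters arrive in the query string, that pageid and id normally hold integers, and that logs use the common/combined format. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter, as named in the description above.
WATCHED = {"search.php": "search", "page.php": "pageid", "posts.php": "id"}
NUMERIC = {"pageid", "id"}  # assumption: these carry integer record ids

# Heuristic for SQL syntax in a search term; expect false positives on quoted text.
SQL_HINT = re.compile(
    r"'|\"|--|/\*|;|\b(?:union|select|information_schema|sleep|benchmark)\b",
    re.IGNORECASE,
)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious(log_line):
    """Return (path, param, value) for a request worth reviewing, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    param = WATCHED.get(url.path.rsplit("/", 1)[-1].lower())
    if param is None:
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
        if param in NUMERIC:
            if not re.fullmatch(r"[0-9]+", value):  # anything but a bare integer
                return (url.path, param, value)
        elif SQL_HINT.search(value):
            return (url.path, param, value)
    return None


def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(suspicious, lines) if hit]


SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '203.0.113.5 - - [06/Mar/2026:10:00:01 +0000] "GET /posts.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Mar/2026:10:00:07 +0000] "GET /posts.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9811',
    '203.0.113.9 - - [06/Mar/2026:10:00:09 +0000] "GET /blog/page.php?pageid=3%20UNION%20SELECT%20NULL HTTP/1.1" 200 733',
    '198.51.100.4 - - [06/Mar/2026:10:01:00 +0000] "GET /search.php?search=holiday+recipes HTTP/1.1" 200 2048',
    '203.0.113.9 - - [06/Mar/2026:10:01:02 +0000] "GET /search.php?search=x%27+union+select+null--+ HTTP/1.1" 200 4100',
]
```

The same integer check on pageid and id can be enforced at a reverse proxy or WAF in front of the application as a stopgap; it does not replace parameterized queries in the code itself.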