CVSS 8.2 · HIGH

CVE-2018-25300

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information.

Analysis

XATABoost CMS is a niche content management system with very limited adoption in the developer community. While the SQL injection vulnerability is serious and allows unauthenticated data extraction, the software is not widely deployed enough to warrant an alert for general community admins.

Severity

Score: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: LOW
A: NONE
Weakness type (CWE): CWE-89

EPSS

Exploitation probability (next 30 days): 0.0009 (0.1%)
Percentile: 24.5%
EPSS: 2026-05-06

Technical description

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information.

Published: 29/4/2026, 20:16:25
Last modified: 30/4/2026, 15:44:48
