CVE-2018-25392 in MaxOn ERP

Summary

by MITRE • 05/29/2026

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.


Analysis

by VulDB Data Team • 05/29/2026

This vulnerability exists within MaxOn ERP Software versions 8.x through 9.x and represents a critical SQL injection flaw that undermines the application's database security controls. The vulnerability specifically affects the log_activity function, which processes user input through three distinct parameters: nomor, user, and jenis. These parameters are not properly sanitized or validated before being incorporated into SQL queries, creating an exploitable path for authenticated attackers to manipulate database operations. The vulnerability classification aligns with CWE-89 SQL injection as defined by the Common Weakness Enumeration catalog, which identifies improper neutralization of special elements used in SQL commands as a primary weakness. Attackers can leverage this vulnerability by submitting crafted POST requests to the /index.php/user/log_activity endpoint, where they can inject malicious SQL payloads through the vulnerable parameters. The exploitation process allows threat actors to execute arbitrary SQL queries against the underlying database system, potentially enabling them to extract sensitive information such as database version details, database names, and other structural database elements. This information disclosure represents a significant security risk because it provides attackers with detailed knowledge of the database infrastructure that can be used to plan further attacks. The impact extends beyond simple information gathering: the vulnerability permits full SQL command execution, potentially allowing attackers to modify, delete, or extract any data stored within the database. The attack vector requires authentication, meaning that an attacker must first obtain valid user credentials to exploit this vulnerability, but once authenticated they can leverage the flaw to perform unauthorized database operations.

This vulnerability directly maps to attack technique T1071.004 application layer protocol network protocol implementation weakness within the attack tactic T1068 legitimate credential use in the attack chain, as it exploits legitimate database interaction mechanisms to achieve unauthorized access. The operational impact of this vulnerability includes potential data breaches, unauthorized data modification, and complete database compromise. Organizations using MaxOn ERP Software within this version range face significant risk of unauthorized access to sensitive business data, user credentials, and system information. The vulnerability's persistence across multiple minor versions indicates a systemic security issue within the application's database interaction framework. Mitigation strategies should include immediate patching of the affected software versions, implementation of proper input validation and parameterized queries, and network segmentation to limit access to the vulnerable application. Additionally, organizations should enforce strong authentication controls, implement monitoring for unusual database access patterns, and conduct regular security assessments of their ERP systems. The vulnerability demonstrates the critical importance of proper input sanitization and SQL query construction in enterprise applications, particularly those handling sensitive business data. Security teams should also consider implementing web application firewalls and database activity monitoring solutions to detect and prevent exploitation attempts. Regular vulnerability scanning and penetration testing of ERP systems can help identify similar SQL injection vulnerabilities in other business applications within the organization's infrastructure.
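The two query-construction patterns the analysis contrasts, string splicing versus parameterized statements, shown side by side as an added Python/sqlite3 example. This is not code from MaxOn ERP or VulDB; the log_activity table and its columns are assumed from the parameter names above, and the real application's schema and database are not known.

```python
import sqlite3

# Stand-in for the ERP's activity-log table. The schema is constructed for this
# example; the real log_activity table in MaxOn ERP is not known.
SCHEMA = "CREATE TABLE log_activity (nomor TEXT, user TEXT, jenis TEXT)"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def log_activity_unsafe(conn, nomor, user, jenis):
    """CWE-89 pattern: the three request parameters are spliced into the
    statement text, so any quote or comment marker in them becomes SQL."""
    sql = ("INSERT INTO log_activity (nomor, user, jenis) VALUES ('"
           + nomor + "', '" + user + "', '" + jenis + "')")
    conn.execute(sql)
    conn.commit()


def log_activity_safe(conn, nomor, user, jenis):
    """Hardened form: a parameterized statement. The driver binds the values
    separately from the SQL text, so they are stored verbatim, never parsed."""
    conn.execute(
        "INSERT INTO log_activity (nomor, user, jenis) VALUES (?, ?, ?)",
        (nomor, user, jenis),
    )
    conn.commit()


def stored_rows(conn):
    return conn.execute("SELECT nomor, user, jenis FROM log_activity").fetchall()


def compare(nomor, user, jenis):
    """Feed one set of parameters to both handlers. Returns
    (rows stored by the unsafe handler, or None if its SQL failed to parse,
     rows stored by the safe handler)."""
    unsafe_db, safe_db = make_db(), make_db()
    try:
        log_activity_unsafe(unsafe_db, nomor, user, jenis)
        unsafe = stored_rows(unsafe_db)
    except sqlite3.Error:
        unsafe = None  # the input reached the SQL parser and broke the statement
    log_activity_safe(safe_db, nomor, user, jenis)
    return unsafe, stored_rows(safe_db)


if __name__ == "__main__":
    # A legitimate value containing an apostrophe is enough to break the unsafe query.
    print(compare("1001", "o'brien", "login"))
```

A value with an apostrophe is the simplest proof that input is being parsed as SQL: the unsafe handler fails on it while the safe one stores it as data.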

Responsible

VulnCheck

Reservation

05/29/2026

Disclosure

05/29/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00026

KEV

no

Activities

very low

Sources
