CVE-2018-25431 in No-CMS

Summary

by MITRE • 06/02/2026

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.

Responsible: VulnCheck

Reservation: 06/01/2026

Disclosure: 06/02/2026

Moderation: accepted

CPE: ready

Exploit: Download

EPSS: 0.00026

KEV: no

Activities: low
