Search criteria
2 vulnerabilities found for Yot CMS by Yot
CVE-2018-25425 (GCVE-0-2018-25425)
Vulnerability from nvd – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
Summary
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45768 | exploit |
| https://yot.sourceforge.io/ | product |
| https://ayera.dl.sourceforge.net/project/yot/Yot%… | product |
| https://www.vulncheck.com/advisories/yot-cms-sql-… | third-party-advisory |
Date Public
2018-11-01 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Yot CMS",
"vendor": "Yot",
"versions": [
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:28.708Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45768",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45768"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://yot.sourceforge.io/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip"
},
{
"name": "VulnCheck Advisory: Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters"
}
],
"title": "Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25425",
"datePublished": "2026-05-30T14:55:28.708Z",
"dateReserved": "2026-05-30T14:44:13.144Z",
"dateUpdated": "2026-05-30T14:55:28.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25425 (GCVE-0-2018-25425)
Vulnerability from cvelistv5 – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
Summary
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45768 | exploit |
| https://yot.sourceforge.io/ | product |
| https://ayera.dl.sourceforge.net/project/yot/Yot%… | product |
| https://www.vulncheck.com/advisories/yot-cms-sql-… | third-party-advisory |
Date Public
2018-11-01 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Yot CMS",
"vendor": "Yot",
"versions": [
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:28.708Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45768",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45768"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://yot.sourceforge.io/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip"
},
{
"name": "VulnCheck Advisory: Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters"
}
],
"title": "Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25425",
"datePublished": "2026-05-30T14:55:28.708Z",
"dateReserved": "2026-05-30T14:44:13.144Z",
"dateUpdated": "2026-05-30T14:55:28.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}