CVE-2018-25392
Deferred - Pending Action
SQL Injection in MaxOn ERP Software

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: talagasoft
Product: maxon_erp_software
Version / Range: to 8.0|start_including=9.0 (exc)
CWE
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command): The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The SQL injection vulnerability in MaxOn ERP Software allows attackers to extract sensitive database information, which could include personal or confidential data. Such unauthorized data access and potential data breaches can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access.

Because the vulnerability enables attackers to execute arbitrary SQL queries and extract sensitive information, organizations using affected versions of MaxOn ERP Software may face increased risk of data exposure, potentially violating compliance requirements for data confidentiality and integrity.


Can you explain this vulnerability to me?

CVE-2018-25392 is an SQL injection vulnerability in MaxOn ERP Software versions 8.x to 9.x. It allows any authenticated user to execute arbitrary SQL by placing SQL syntax in the 'nomor', 'user' and 'jenis' parameters of the log_activity function. Attackers exploit it by sending crafted POST requests to the /index.php/user/log_activity endpoint while logged in.

The root cause is CWE-89, improper neutralization of special elements in an SQL command: the three parameters are placed into the SQL statement without escaping or parameter binding, so a quote or operator in the request body is parsed by the database as part of the query rather than as data.
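To make the flaw concrete, here is an added example (not code from MaxOn ERP or from this page): a Python/SQLite stand-in for a log_activity handler, first with the three request parameters spliced into the INSERT text, then with parameter binding and an allow-list for the activity type. The table layout, the INSERT shape, the payload and the column names are assumptions for the demonstration; the real application's query is not on the page. The payload closes the string literal, concatenates a subquery that returns the database version, and reopens the literal, so the version string ends up stored where an ordinary log value should be.

```python
import sqlite3

# Constructed schema standing in for the activity-log table (assumed, not from MaxOn ERP).
SCHEMA = "CREATE TABLE log_activity (id INTEGER PRIMARY KEY, nomor TEXT, user TEXT, jenis TEXT)"

# Assumed set of legitimate activity types; the real list is not on the page.
ALLOWED_JENIS = {"login", "logout", "create", "update", "delete"}

# Attacker-controlled 'nomor' value: ends the quoted literal, appends a subquery,
# then reopens the literal so the statement stays syntactically valid.
VERSION_PAYLOAD = "' || (SELECT sqlite_version()) || '"


def log_activity_vulnerable(conn, nomor, user, jenis):
    """CWE-89 pattern: request parameters are formatted straight into the SQL text."""
    sql = (
        "INSERT INTO log_activity (nomor, user, jenis) "
        f"VALUES ('{nomor}', '{user}', '{jenis}')"
    )
    conn.execute(sql)
    return sql


def log_activity_fixed(conn, nomor, user, jenis):
    """Hardened form: allow-list the enumerated field, bind everything as parameters."""
    if jenis not in ALLOWED_JENIS:
        raise ValueError(f"unexpected activity type: {jenis!r}")
    sql = "INSERT INTO log_activity (nomor, user, jenis) VALUES (?, ?, ?)"
    # Bound values are sent separately from the statement text, so quotes and
    # operators inside them can never change the query's structure.
    conn.execute(sql, (nomor, user, jenis))
    return sql


def first_stored_nomor(conn):
    row = conn.execute("SELECT nomor FROM log_activity ORDER BY id LIMIT 1").fetchone()
    return row[0]


def demo(handler, nomor=VERSION_PAYLOAD):
    """Run one handler against a fresh in-memory DB and return what got stored as 'nomor'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    handler(conn, nomor, "attacker", "login")
    return first_stored_nomor(conn)


def library_version():
    """Version string the injected subquery is expected to leak (SQLite stand-in for version())."""
    return sqlite3.sqlite_version


if __name__ == "__main__":
    print("vulnerable stored:", demo(log_activity_vulnerable))  # the SQLite version string
    print("fixed stored:     ", demo(log_activity_fixed))       # the payload, verbatim
```

In a MySQL-backed deployment the same idea would use version() and database() instead of sqlite_version(); the leaked value is then read back wherever the application displays the activity log. Note that the vulnerable handler also succeeds, so nothing in the HTTP response distinguishes the probe from a normal log entry.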


How can this vulnerability impact me?

This vulnerability can have a significant impact as it allows attackers to extract sensitive database information such as database version and database names. This unauthorized access can lead to data leakage and potentially further exploitation of the system.

Since the vulnerability allows execution of arbitrary SQL commands, it could be used to manipulate or access data without proper authorization, compromising the confidentiality and integrity of the database.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Passively, look for POST requests to /index.php/user/log_activity whose 'nomor', 'user' or 'jenis' fields contain SQL metacharacters (single quotes, comment sequences such as -- or /*) or keywords such as UNION, SELECT, version() or database(). A standard web-server access log does not record POST bodies, so this needs a reverse proxy, WAF or application log that captures the form fields.

Actively, send a crafted POST to the endpoint. The vulnerable function is only reachable by authenticated users, so the request must carry a valid session cookie; an unauthenticated probe exercises the login redirect, not the flaw. Compare two requests: one with a lone single quote in a parameter and one without. If the quoted request produces an HTTP 500 or a database error message while the baseline succeeds, the input is reaching the query unescaped. An error indicates a broken statement, not that injected SQL ran; a clean response does not rule the flaw out either, since blind variants answer only through timing or content differences. Prefer a non-production instance for such tests.

Example command using curl (supply your own session cookie):

  • curl -X POST -b "<session cookie>" --data-urlencode "nomor=1'" --data-urlencode "user=test" --data-urlencode "jenis=test" http://[target]/index.php/user/log_activity -v

If the server responds with an error for the quoted value and not for the baseline, the parameter is very likely injectable and the finding should be confirmed against the affected-version range.
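The passive check above, as an added example that is not part of the original page: a small Python scanner over constructed reverse-proxy records (method, path, raw POST body) that decodes the form fields and flags POSTs to /index.php/user/log_activity whose 'nomor', 'user' or 'jenis' values carry SQL metacharacters or keywords. The record format and the sample requests are made up for the example; adapt the tuple unpacking to whatever your proxy or WAF actually logs.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/index.php/user/log_activity"
TARGET_PARAMS = ("nomor", "user", "jenis")

# Quote characters, comment openers, string concatenation and keywords that have no
# business inside an ERP activity-log field.
SQLI_PATTERN = re.compile(
    r"""['"`;]|--|/\*|\|\||\b(?:select|union|sleep|benchmark|version|database|"""
    r"""information_schema|load_file)\b""",
    re.IGNORECASE,
)

# Constructed sample records: (method, path, raw POST body). Not real traffic.
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH, "nomor=INV-2024-0001&user=budi&jenis=login"),
    ("POST", TARGET_PATH, "nomor=1%27+OR+%271%27%3D%271&user=test&jenis=test"),
    ("POST", TARGET_PATH,
     "nomor=1&user=x%27%20UNION%20SELECT%20version()%2Cdatabase()--%20-&jenis=test"),
    ("POST", "/index.php/user/profile", "user=o%27brien"),  # quote, but a different endpoint
    ("POST", TARGET_PATH, "nomor=%27+%7C%7C+(SELECT+sqlite_version())+%7C%7C+%27&user=a&jenis=login"),
]


def suspicious_fields(method, path, body):
    """Return {param: decoded value} for target parameters that match SQLI_PATTERN."""
    if method != "POST" or path != TARGET_PATH:
        return {}
    fields = parse_qs(body, keep_blank_values=True)  # URL-decodes and splits the form body
    hits = {}
    for name in TARGET_PARAMS:
        for value in fields.get(name, []):
            if SQLI_PATTERN.search(value):
                hits[name] = value
    return hits


def scan(requests=SAMPLE_REQUESTS):
    """Return [(record index, hits)] for records that look like CVE-2018-25392 probes."""
    findings = []
    for i, (method, path, body) in enumerate(requests):
        hits = suspicious_fields(method, path, body)
        if hits:
            findings.append((i, hits))
    return findings


if __name__ == "__main__":
    for index, hits in scan():
        print(f"record {index}: {hits}")
```

A lone apostrophe in a legitimate value (a surname such as O'Brien in 'user') will also fire; treat single-quote-only hits as lower confidence and keyword or comment-sequence hits as high confidence when triaging.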


What immediate steps should I take to mitigate this vulnerability?

Restricting the endpoint to authenticated users does not help on its own, because the flaw is exploitable by any authenticated account. What helps immediately is reducing who can reach /index.php/user/log_activity at all (fewer accounts, no shared logins) and reviewing those accounts. The actual fix is in the code: pass 'nomor', 'user' and 'jenis' to the database through parameterized queries (prepared statements) instead of string concatenation, and, for a field with a fixed set of values such as an activity type, reject anything outside an allow-list.

While a code fix is pending, a WAF or reverse-proxy rule that blocks POSTs to /index.php/user/log_activity carrying quotes, comment sequences or SQL keywords in those three fields reduces exposure, and alerting on the same pattern gives early warning of probing.

Apply any patch or update from the vendor that addresses CVE-2018-25392 as soon as it is available, and confirm after upgrading that the deployed version is outside the affected 8.x-9.x range.

