CVE-2018-25431
Deferred - Pending Action
SQL Injection in No-CMS via manage_privilege Export

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
go_frendi_asgard | no-cms | 1.0
CWE ID | Description
CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint.

This vulnerability allows authenticated attackers to manipulate database queries by submitting POST requests with malicious SQL code in the order_by[0] parameter.

As a result, attackers can extract sensitive information from the database.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive database information.

Since attackers can manipulate database queries, they may extract confidential data, potentially leading to data breaches.

The CVSS v3.1 score of 7.1 indicates a high severity impact on confidentiality with limited impact on integrity and no impact on availability.

Compliance Impact

The SQL injection vulnerability in No-CMS 1.0 allows authenticated attackers to extract sensitive database information by manipulating SQL queries. This exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.

Because the vulnerability impacts confidentiality of data, organizations using affected versions of No-CMS may face risks related to data breaches, potentially resulting in regulatory penalties and loss of trust.

Detection Guidance

This vulnerability can be detected by monitoring for POST requests to the endpoint /nocms/main/manage_privilege/index/export that include suspicious or malicious SQL code in the order_by[0] parameter.

A practical approach is to capture and analyze HTTP POST traffic targeting this endpoint and look for SQL injection patterns in the order_by parameter.

For example, using curl to test the endpoint with a crafted payload might help identify if the system is vulnerable:

  • curl -X POST -d 'order_by[0]=1 UNION SELECT user(), database(), version()-- ' http://target/nocms/main/manage_privilege/index/export

Additionally, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on POST requests containing SQL keywords or suspicious payloads in the order_by parameter.
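
The check described above can be run over captured request bodies. The sketch below is an added example, not code from the advisory or from No-CMS: it decodes form-encoded POST bodies sent to the export endpoint and flags any order_by value that is not a plain sort expression. The allowed shape of a sort value, the sample requests and the column name privilege_name are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Endpoint named in the advisory.
EXPORT_PATH = "/nocms/main/manage_privilege/index/export"
# Assumption: a legitimate sort value is one column name, optionally
# table-qualified, optionally followed by ASC or DESC. Multi-column sorts
# would need a wider pattern and are flagged by this one.
SAFE_ORDER = re.compile(
    r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?(\s+(asc|desc))?", re.I)
ORDER_KEY = re.compile(r"order_by(\[\d*\])?")

def suspicious_order_by(method, path, body):
    """Return (key, value) pairs for order_by fields in a POST body to the
    export endpoint whose value is not a plain sort expression."""
    if method.upper() != "POST":
        return []
    if path.split("?", 1)[0].rstrip("/") != EXPORT_PATH:
        return []
    hits = []
    # parse_qsl URL-decodes keys and values, so order_by%5B0%5D is matched too.
    for key, value in parse_qsl(body, keep_blank_values=True):
        value = value.strip()
        if ORDER_KEY.fullmatch(key) and value and not SAFE_ORDER.fullmatch(value):
            hits.append((key, value))
    return hits

# Constructed sample requests (method, path, body); not real traffic.
SAMPLES = [
    ("POST", EXPORT_PATH, "order_by%5B0%5D=privilege_name+desc&page=1"),
    ("POST", EXPORT_PATH,
     "order_by%5B0%5D=1+UNION+SELECT+user%28%29%2C+database%28%29%2C+version%28%29--+"),
    ("POST", "/nocms/main/login", "order_by%5B0%5D=1+UNION+SELECT+1"),
]

def scan(samples):
    """Return the indexes of sample requests that carry a flagged order_by."""
    return [i for i, req in enumerate(samples) if suspicious_order_by(*req)]

if __name__ == "__main__":
    for i in scan(SAMPLES):
        print("ALERT request", i, suspicious_order_by(*SAMPLES[i]))
```

Matching on the decoded value's shape, rather than on a list of SQL keywords, keeps the rule from missing payloads that avoid the listed keywords.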

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint to only trusted authenticated users and monitoring for suspicious activity targeting the order_by parameter.

Applying input validation and sanitization on the order_by parameter to prevent SQL injection is critical.

If available, update No-CMS to a patched version that addresses this vulnerability.

As a temporary measure, consider disabling or restricting the manage_privilege export functionality if it is not essential.
