← Back

Php Oop Cms Blog

php_oop_cms_blog

Vendor: Tomalofficial • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-25200
1Tomalofficial
1Php Oop Cms Blog
Mar 11, 2026
Mar 6, 2026
6.9 MEDIUM· v4
8.8 HIGH· v3
N/A· v2
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the add...Show more
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.Show less
CVE-2018-25199
1Tomalofficial
1Php Oop Cms Blog
Mar 11, 2026
Mar 6, 2026
8.8 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via...Show more
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.Show less