Tomalofficial

tomalofficial

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Php Oop Cms Blog

php_oop_cms_blog

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-25200 1Tomalofficial 1Php Oop Cms Blog Mar 11, 2026 Mar 6, 2026 6.9 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the add...Show more OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.Show less
CVE-2018-25199 1Tomalofficial 1Php Oop Cms Blog Mar 11, 2026 Mar 6, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via...Show more OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-25200

1Tomalofficial

1Php Oop Cms Blog

Mar 11, 2026

Mar 6, 2026

6.9 MEDIUM· v4

8.8 HIGH· v3

N/A· v2

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.Show less

CVE-2018-25199

1Tomalofficial

1Php Oop Cms Blog

Mar 11, 2026

Mar 6, 2026

8.8 HIGH· v4

9.8 CRITICAL· v3

N/A· v2

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.Show less