{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/yot-cms-3.3.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25425"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Yot CMS 3.3.1"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve","web-application"],"_cs_type":"threat","_cs_vendors":["SourceForge"],"content_html":"\u003cp\u003eYot CMS 3.3.1 is susceptible to an SQL injection vulnerability (CVE-2018-25425) that enables unauthenticated attackers to execute arbitrary SQL queries. The vulnerability stems from insufficient input sanitization within the application, specifically affecting the \u003ccode\u003eaid\u003c/code\u003e and \u003ccode\u003ecid\u003c/code\u003e parameters. By crafting malicious SQL payloads within GET requests to the \u003ccode\u003eindex.php\u003c/code\u003e endpoint, attackers can potentially extract sensitive database information, including table and column names. This vulnerability poses a significant risk, as it allows unauthorized access to the underlying database, compromising the confidentiality and integrity of the CMS and its data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a Yot CMS 3.3.1 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract database information. This payload is injected into either the \u003ccode\u003eaid\u003c/code\u003e or \u003ccode\u003ecid\u003c/code\u003e parameter of a GET request.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted GET request to the \u003ccode\u003eindex.php\u003c/code\u003e endpoint of the vulnerable Yot CMS instance. For example: \u003ccode\u003eindex.php?aid=malicious_sql_payload\u003c/code\u003e or \u003ccode\u003eindex.php?cid=malicious_sql_payload\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Yot CMS application processes the GET request without properly sanitizing the \u003ccode\u003eaid\u003c/code\u003e or \u003ccode\u003ecid\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL payload is passed directly to the database server.\u003c/li\u003e\n\u003cli\u003eThe database server executes the injected SQL query.\u003c/li\u003e\n\u003cli\u003eThe database server returns the results of the injected SQL query to the Yot CMS application.\u003c/li\u003e\n\u003cli\u003eThe Yot CMS application displays the extracted database information, potentially revealing sensitive data like table names, column names, and data contained within the tables.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25425) allows unauthenticated attackers to execute arbitrary SQL queries on the Yot CMS 3.3.1 database. This can lead to the disclosure of sensitive information, such as usernames, passwords, and other confidential data stored in the database. The attacker could potentially gain complete control over the database, leading to data modification, deletion, or the insertion of malicious content into the CMS.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization techniques to all user-supplied input, especially within the \u003ccode\u003eaid\u003c/code\u003e and \u003ccode\u003ecid\u003c/code\u003e parameters of \u003ccode\u003eindex.php\u003c/code\u003e, to prevent SQL injection attacks as described in CVE-2018-25425.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Yot CMS SQL Injection Attempt via GET Parameters\u0026rdquo; to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious GET requests to \u003ccode\u003eindex.php\u003c/code\u003e containing SQL keywords or special characters in the \u003ccode\u003eaid\u003c/code\u003e or \u003ccode\u003ecid\u003c/code\u003e parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:21:39Z","date_published":"2026-05-30T16:21:39Z","id":"https://feed.craftedsignal.io/briefs/2026-05-yot-cms-sqli/","summary":"Yot CMS 3.3.1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters in GET requests, potentially leading to database information disclosure.","title":"Yot CMS 3.3.1 SQL Injection Vulnerability (CVE-2018-25425)","url":"https://feed.craftedsignal.io/briefs/2026-05-yot-cms-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Yot CMS 3.3.1","version":"https://jsonfeed.org/version/1.1"}