{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/gofrendiasgard/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25431"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["No-Cms 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25431","web-application"],"_cs_type":"advisory","_cs_vendors":["goFrendiAsgard"],"content_html":"\u003cp\u003eNo-CMS 1.0 is susceptible to an SQL injection vulnerability within the \u003ccode\u003eorder_by\u003c/code\u003e parameter of the \u003ccode\u003e/nocms/main/manage_privilege/index/export\u003c/code\u003e endpoint. This flaw, identified as CVE-2018-25431, allows an authenticated attacker to inject arbitrary SQL code into database queries. Successful exploitation enables the attacker to extract sensitive information from the database. The vulnerability exists because the application fails to properly sanitize user-supplied input to the \u003ccode\u003eorder_by\u003c/code\u003e parameter, leading to unintended execution of attacker-controlled SQL commands. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized data access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the No-CMS 1.0 application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003e/nocms/main/manage_privilege/index/export\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a modified \u003ccode\u003eorder_by[0]\u003c/code\u003e parameter containing malicious SQL code.\u003c/li\u003e\n\u003cli\u003eThe application receives the request and processes the \u003ccode\u003eorder_by[0]\u003c/code\u003e parameter without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe unsanitized SQL code is injected into a database query executed by the application.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s injected SQL code manipulates the query to extract sensitive information.\u003c/li\u003e\n\u003cli\u003eThe database executes the modified query and returns the results to the application.\u003c/li\u003e\n\u003cli\u003eThe application displays or otherwise exposes the extracted sensitive information to the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25431) can lead to unauthorized access to sensitive data stored in the No-CMS database. This may include user credentials, personal information, financial records, or other confidential data. The impact of this vulnerability is high, as it allows an attacker with low privileges (authenticated user) to potentially compromise the entire database.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates to No-CMS to remediate CVE-2018-25431.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2018-25431 Exploitation Attempt — No-CMS SQL Injection via order_by Parameter\u0026rdquo; to your SIEM to identify malicious POST requests.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent SQL injection attacks in the \u003ccode\u003eorder_by\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/nocms/main/manage_privilege/index/export\u003c/code\u003e containing SQL syntax in the \u003ccode\u003eorder_by[0]\u003c/code\u003e parameter (see Sigma rule and logsource).\u003c/li\u003e\n\u003cli\u003eReview and restrict database user privileges to minimize the impact of successful SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:18:04Z","date_published":"2026-06-01T22:18:04Z","id":"https://feed.craftedsignal.io/briefs/2026-06-no-cms-sql-injection/","summary":"No-Cms 1.0 is vulnerable to SQL injection (CVE-2018-25431) in the order_by parameter of the manage_privilege export endpoint, allowing authenticated attackers to manipulate database queries and potentially extract sensitive information.","title":"No-CMS 1.0 SQL Injection Vulnerability (CVE-2018-25431)","url":"https://feed.craftedsignal.io/briefs/2026-06-no-cms-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — GoFrendiAsgard","version":"https://jsonfeed.org/version/1.1"}