HIGH
Talagasoft
CVE published 2026-05-29
CVE-2018-25392
CVE-2018-25392 documents an SQL injection vulnerability in MaxOn ERP Software versions 8.x through 9.x. The flaw exists in the log_activity function, where user input supplied in the nomor, user, and jenis parameters is not properly sanitized. Authenticated attackers can exploit this by sending crafted POST requests to /index.php/user/log_activity with malicious SQL payloads, enabling arbitrary SQL query execution ag [truncated]