HIGH
Yot
CVE published 2026-05-30
CVE-2018-25425
CVE-2018-25425 documents an unauthenticated SQL injection vulnerability in Yot CMS version 3.3.1. The flaw resides in the `aid` and `cid` parameters of `index.php`, where attacker-supplied input is incorporated directly into SQL queries without adequate sanitization. Successful exploitation allows remote, unauthenticated attackers to execute arbitrary SQL statements, potentially enabling extraction of dat [truncated]