SQL Injection Vulnerability in Open ISES Project by Open ISES
CVE-2018-25398

8.8HIGH

Key Information:

Vendor: Open Ises
Status: Open Ises Project
Vendor: CVE Published:; 29 May 2026

Badges

👾 Exploit Exists

What is CVE-2018-25398?

The Open ISES Project 3.30A is susceptible to a SQL injection issue that enables attackers to run arbitrary SQL queries via the frm_passwd parameter. By sending specially crafted POST requests to main.php, unauthorized users can manipulate the database and retrieve sensitive information such as usernames, database names, and version details, posing a significant risk to data security.

Affected Version(s)

Open ISES Project 3.30A

References

https://www.exploit-db.com/exploits/45645

exploit

http://openises.sourceforge.net/

product

https://sourceforge.net/projects/openises/files/latest/do...

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 29, 2026
👾
Exploit known to exist
May 29, 2026
Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Ihsan Sencan

CVE-2018-25398 Data

JSON

Open Ises

Badges

What is CVE-2018-25398?

Affected Version(s)

References

CVSS V4

Timeline

Credit