Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting SQL through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names. The record lists only version 3.3.1 as affected, and none of its references is tagged as a vendor patch or fix.
State: PUBLISHED | CVE record format: 5.2 | CWE-89
Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
Problem type
Affected products
Yot
Yot CMS
3.3.1 - AFFECTED
References
ExploitDB-45768
https://www.exploit-db.com/exploits/45768
Official Product Homepage
https://yot.sourceforge.io/
Product Reference
https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip
VulnCheck Advisory: Yot CMS 3.3.1 SQL Injection via aid and cid Parameters
https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters
JSON source
https://cveawg.mitre.org/api/cve/CVE-2018-25425
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2018-25425",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-05-30T14:55:28.708Z",
"dateReserved": "2026-05-30T14:44:13.144Z",
"datePublished": "2026-05-30T14:55:28.708Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-05-30T14:55:28.708Z"
},
"datePublic": "2018-11-01T00:00:00.000Z",
"title": "Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"descriptions": [
{
"lang": "en",
"value": "Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names."
}
],
"affected": [
{
"vendor": "Yot",
"product": "Yot CMS",
"versions": [
{
"version": "3.3.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/45768",
"name": "ExploitDB-45768",
"tags": [
"exploit"
]
},
{
"url": "https://yot.sourceforge.io/",
"name": "Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip",
"name": "Product Reference",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/yot-cms-sql-injection-via-aid-and-cid-parameters",
"name": "VulnCheck Advisory: Yot CMS 3.3.1 SQL Injection via aid and cid Parameters",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ihsan Sencan",
"type": "finder"
}
]
}
}
}