CVE-2018-25257

HIGH CVSS 7.1 View on NVD ↗

Description

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References

https://www.exploit-db.com/exploits/46217
https://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile

Published: Apr 12, 2026 13:16 UTC Modified: Apr 12, 2026 13:16 UTC