CVE-2018-25401

HIGH 8.2

The Open ISES Project 3.30A SQL Injection via sever_graph.php

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

0th

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.

CWE	CWE-89
Vendor	open ises
Product	open ises project
Published	May 29, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for open ises open ises project

Be the first to know when new high vulnerabilities affecting open ises open ises project are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

Open ISES / Open ISES Project

3.30A

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45645 openises.sourceforge.net: http://openises.sourceforge.net/ sourceforge.net: https://sourceforge.net/projects/openises/files/latest/download vulncheck.com: https://www.vulncheck.com/advisories/the-open-ises-project-3-30a-sql-injection-via-sever-graph-php

Credits

Ihsan Sencan