Cyber Resilience

CVE-2018-25379

HighPublic PoC

Published: 25 May 2026

Published
25 May 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0039 30.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2018-25379 is a high-severity SQL Injection (CWE-89) vulnerability in Ourenergy (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, ranked at the 30.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information…

more

from the database using time-based blind techniques.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-26709Shared CWE-89
CVE-2026-24956Shared CWE-89
CVE-2021-47980Shared CWE-89
CVE-2018-25199Shared CWE-89
CVE-2026-27179Shared CWE-89
CVE-2026-33615Shared CWE-89
CVE-2025-0308Shared CWE-89
CVE-2025-28939Shared CWE-89
CVE-2019-25581Shared CWE-89
CVE-2026-27885Shared CWE-89

Affected Assets

Ourenergy
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

References