Cyber Posture

CVE-2018-25319

HighPublic PoC

Published: 17 May 2026

Published
17 May 2026
Modified
18 May 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0002 7.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-25319 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, ranked at the 7.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing
addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

SI-10 Information Input Validation
addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

NVD Description

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to…

more

extract or modify sensitive database information.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-89

CVEs Like This One

CVE-2025-69213Shared CWE-89
CVE-2025-40639Shared CWE-89
CVE-2019-25674Shared CWE-89
CVE-2019-25526Shared CWE-89
CVE-2019-25524Shared CWE-89
CVE-2025-52577Shared CWE-89
CVE-2025-23780Shared CWE-89
CVE-2026-40887Shared CWE-89
CVE-2025-24368Shared CWE-89
CVE-2026-41490Shared CWE-89

References