CVE-2018-25257 PUBLISHED

Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Assigner: VulnCheck
Reserved: 12.04.2026 Published: 12.04.2026 Updated: 12.04.2026

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor adianti
Product Adianti Framework
Versions
  • Version 5.5.0 is affected

Credits

  • [Joner de Mello Assolin] finder

References

Problem Types

  • Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE