How to fix CVE-2018-25182?

Within 24 hours: Inventory all systems running Silurus Classifieds Script 2.0 and take them offline or restrict network access to trusted sources only. Within 7 days: Deploy WAF rules to block SQL injection attempts on the ID parameter, implement input validation, and conduct database audit for unauthorized access. Within 30 days: Migrate to a patched version, alternative software, or replace the application entirely if the vendor cannot provide a security update.

Is PHP affected by CVE-2018-25182?

A high-severity SQL injection vulnerability in Silurus Classifieds Script 2.0 allows unauthenticated attackers to directly access and manipulate your database without authentication. Any organization running this software is at immediate risk of data theft, data destruction, or system compromise.

CVE-2018-25182

HIGH

2026-03-06 [email protected]

8.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:16 nvd

HIGH 8.2

Description

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.

Analysis

Technical Context

Classified as CWE-89 (SQL Injection). Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.

Affected Products

Component: the ID.

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +41

POC: +20

CVE-2018-25182 vulnerability details – vuln.today

Back

CVE-2018-25182

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2018-25182

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code