Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 02 Jun 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 30 May 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Talagasoft
Talagasoft maxon Erp |
|
| Vendors & Products |
Talagasoft
Talagasoft maxon Erp |
Fri, 29 May 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names. | |
| Title | MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter | |
| First Time appeared |
Maxonerp
Maxonerp maxon |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:maxonerp:maxon:8.0:*:*:*:*:*:*:* cpe:2.3:a:maxonerp:maxon:9.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Maxonerp
Maxonerp maxon |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-02T01:32:35.584Z
Reserved: 2026-05-29T11:28:57.397Z
Link: CVE-2018-25392
Updated: 2026-06-02T01:32:30.816Z
Status : Deferred
Published: 2026-05-29T16:16:18.513
Modified: 2026-05-29T16:29:11.350
Link: CVE-2018-25392
No data.
OpenCVE Enrichment
Updated: 2026-05-30T21:18:49Z