The Open ISES Project 3.30A SQL Injection via city_graph.php

Vulnerability Overview
Vulnerability type: SQL injection
Severity: High
Published: May 29, 2026
CVE ID: CVE-2018-25403
CWE ID: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS score: 8.8
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Scope
Affected product: Open ISES Project <= 3.30A

Remediation
Recommendation: Update to the latest version or apply the officially provided patch.

Description
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.

References
ExploitDB-45645
Official Product Homepage
Product Reference

Contributor
Ihsan Sencan