What is GHSA-rg4p-86vf-v29c?

GHSA-rg4p-86vf-v29c is a security advisory published by GitHub Security Advisories with High severity. MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated...

Which CVE IDs does GHSA-rg4p-86vf-v29c cover?

GHSA-rg4p-86vf-v29c covers the following CVE IDs: CVE-2018-25392. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-rg4p-86vf-v29c?

GHSA-rg4p-86vf-v29c has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-rg4p-86vf-v29cHighCVSS 7.1

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2018-25392 →

📋 Description

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25392
https://www.exploit-db.com/exploits/45605
https://www.vulncheck.com/advisories/maxon-erp-software-8-x-9-x-sql-injection-via-nomor-parameter
http://demo.maxonerp.com
http://www.talagasoft.com
https://github.com/advisories/GHSA-rg4p-86vf-v29c