What is GHSA-vvfm-5wmw-9mpp?

GHSA-vvfm-5wmw-9mpp is a security advisory published by GitHub Security Advisories with High severity. Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang...

Which CVE IDs does GHSA-vvfm-5wmw-9mpp cover?

GHSA-vvfm-5wmw-9mpp covers the following CVE IDs: CVE-2018-25379. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vvfm-5wmw-9mpp?

GHSA-vvfm-5wmw-9mpp has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-vvfm-5wmw-9mppHighCVSS 8.2

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25379 →

📋 Description

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2018-25379
https://www.exploit-db.com/exploits/45446
https://www.vulncheck.com/advisories/collectric-cmu-sql-injection-via-lang-parameter
http://ourenergy.se
https://github.com/advisories/GHSA-vvfm-5wmw-9mpp