What is CVE-2018-18982?

CVE-2018-18982 is a vulnerability in Nuuo Cms, classified under SQL Injection. Published 2018-11-27.

Is CVE-2018-18982 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Nuuo Cms

CVE-2018-18982

NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.

Vulnerability class: SQL Injection

EPSS: 0.668 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a Nuuo Cms — versions All versions 3.3 and prior

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

46449 (exploit, x_refsource_EXPLOIT-DB)
ics-cert.us-cert.gov/advisories/ICSA-18-284-02 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-18982?: CVE-2018-18982 is a vulnerability in Nuuo Cms, classified under SQL Injection. Published 2018-11-27.
Is CVE-2018-18982 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.