Description
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
Published: 2026-06-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic SQL injection in the order_by parameter of the manage_privilege export endpoint. Authenticated attackers can craft POST requests to /nocms/main/manage_privilege/index/export and embed malicious SQL in order_by[0] to manipulate queries and exfiltrate sensitive database data, potentially compromising confidentiality of the entire system.

Affected Systems

The affected product is No-CMS 1.0 from the vendor goFrendiAsgard (ASGARD). All installations using this version are vulnerable; no specific sub‑versions are listed beyond 1.0.

Risk and Exploitability

With a CVSS score of 7.1 the vulnerability is considered high severity. Because the EPSS score is not available, the current exploitation probability is unclear. The vulnerability is not listed in the CISA KEV catalog, but it requires authenticated access to the export endpoint, so the likely attacker is one who already holds valid credentials. If the attacker obtains valid credentials, they can harvest sensitive data before the patch is applied.

Generated by OpenCVE AI on June 1, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest No‑CMS patch or upgrade to a version where the order_by parameter is removed or properly sanitised.
  • Limit access to the /nocms/main/manage_privilege/index/export endpoint to authorized administrators only and consider disabling the order_by feature if possible.
  • Monitor web server logs for abnormal POST requests to the export endpoint and enforce strict input validation to detect and block potential injection attempts.

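The recommended actions above call for strict input validation of the order_by parameter. Because an ORDER BY column name cannot be bound as a query parameter, the usual fix is to map the request value onto a fixed allowlist of columns and directions. The following is an added illustration of that approach, not No-CMS code: the table name, column names and the export function are assumed for the example, and sqlite3 is used only so that it runs offline. It shows the "before" form that splices the request value straight into SQL beside the hardened form that rejects anything outside the allowlist.

```python
"""Allowlist validation for an order_by-style request parameter.

Added example, not No-CMS code. Table, column names and the endpoint
shape are assumptions made for illustration.
"""
import sqlite3

# Assumed allowlist for a hypothetical privilege table.
ALLOWED_ORDER_COLUMNS = {"privilege_id", "privilege_name", "description"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}

BASE_QUERY = "SELECT privilege_id, privilege_name FROM privilege"


def build_order_by_unsafe(order_by):
    """'Before' form: the request value becomes part of the statement
    verbatim. This is the CWE-89 pattern the advisory describes."""
    return BASE_QUERY + " ORDER BY " + order_by


def validate_order_by(order_by):
    """Return (column, direction) for an allowlisted value, else raise.

    Accepts '<column>' or '<column> <ASC|DESC>' only; any other token,
    separator or extra text is rejected rather than sanitised.
    """
    if not isinstance(order_by, str):
        raise ValueError("order_by must be a string")
    parts = order_by.strip().split()
    if len(parts) not in (1, 2):
        raise ValueError("order_by must be '<column>' or '<column> <ASC|DESC>'")
    column = parts[0]
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"direction not allowed: {direction!r}")
    return column, direction


def build_order_by_safe(order_by):
    """Hardened form: only allowlisted identifiers reach the SQL text."""
    column, direction = validate_order_by(order_by)
    return f"{BASE_QUERY} ORDER BY {column} {direction}"


def export_privileges(conn, order_by_params):
    """Hypothetical export handler taking an order_by[] list from a POST
    body. Every element is validated; one bad element rejects the request."""
    clauses = [" ".join(validate_order_by(p)) for p in order_by_params]
    sql = BASE_QUERY
    if clauses:
        sql += " ORDER BY " + ", ".join(clauses)
    return conn.execute(sql).fetchall()


def demo_connection():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE privilege (privilege_id INTEGER, "
        "privilege_name TEXT, description TEXT)"
    )
    conn.executemany(
        "INSERT INTO privilege VALUES (?, ?, ?)",
        [
            (2, "edit_pages", "constructed sample row"),
            (1, "view_reports", "constructed sample row"),
            (3, "manage_users", "constructed sample row"),
        ],
    )
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(export_privileges(conn, ["privilege_name DESC"]))
    try:
        export_privileges(conn, ["not_a_column"])
    except ValueError as exc:
        print("rejected:", exc)
```

The design point is that the validator never tries to strip or escape suspicious characters from the value; it only recognises a small set of known-good tokens and refuses everything else, which is what "properly sanitised" has to mean for identifiers in an ORDER BY clause.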
Advisories

No advisories yet.

History

Mon, 01 Jun 2026 21:45:00 +0000

Values added (no values removed):

Description: No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
Title: No-Cms 1.0 SQL Injection via order_by Parameter
Weaknesses: CWE-89
References: (none listed)
Metrics:
  cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T18:54:29.390Z

Reserved: 2026-06-01T11:48:19.971Z

Link: CVE-2018-25431

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-01T22:16:16.440

Modified: 2026-06-02T14:43:49.920

Link: CVE-2018-25431

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T22:30:03Z

Weaknesses