CVE-2018-25411— MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

CVSS 8.2 · High EPSS 0.27% · P18 Updated Jun 01, 2026

Possible ATT&CK Techniques 1AI

T1059 · Command and Scripting Interpreter

Affected Version Matrix 1

Vendor	Product	Version Range	Status
M-Gb	MGB OpenSource Guestbook	`0.7.0.2`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-25411

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

Source: NVD (National Vulnerability Database)

Vulnerability Description

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

MGB OpenSource Guestbook SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MGB OpenSource Guestbook是MGB OpenSource Guestbook开源的一个基于Web的留言簿系统。 MGB OpenSource Guestbook 0.7.0.2版本存在SQL注入漏洞，该漏洞源于通过id参数注入恶意代码，可能导致未经身份验证的攻击者执行任意SQL查询，提取包括表和列名在内的敏感数据库信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
M-Gb	MGB OpenSource Guestbook	0.7.0.2	-

II. Public POCs for CVE-2018-25411

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-25411

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-89

V. Comments for CVE-2018-25411

Anonymous User

2026-06-06 04:09:59

하나같이 노출이 심하거나 몸에 딱 달라붙는 의상이었습니다. https://lovealba.co.kr/ 여자고수익알바 대구 룸알바

Anonymous User

2026-06-11 05:55:45

Cabiinet IQ 8305 Stzte Hwy 71 #110, Austin, TX 78735, United Ⴝtates 254-275-5536 Quality

Anonymous User

2026-06-11 06:29:59

Cabinet IQ 8305 State Hwy 71 #110, Austin, TX 78735, United Տtates 254-275-5536 Kitchenproject

Anonymous User

2026-06-11 07:25:42

Cabinet IQ 8305 Ѕtate Hwyy 71 #110, Austin, TX 78735, United Stɑtes 254-275-5536 Remodelbudget

Anonymous User

2026-06-11 18:33:08

Cabinet IQ 8305 Stɑtе Hwyy 71 #110, Austin, TX 78735, United Ѕtates 254-275-5536 Virtualremodel

Anonymous User

2026-06-15 01:21:10

Cabinet IQ 8305 State Hwy 71 #110, Austin, TX 78735, United States 254-275-5536 Stained

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-25411— MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2018-25411

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-25411

III. Intelligence Information for CVE-2018-25411

Vendor Advisories for CVE-2018-25411 (1)

Exploits & Public PoCs for CVE-2018-25411 (1)

Vendor Pages for CVE-2018-25411 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2018-25411

Anonymous User

Anonymous User

Anonymous User

Anonymous User

Anonymous User

Anonymous User

Leave a comment