The Open ISES Project 3.30A SQL Injection via nearby.php

Vulnerability Overview

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the and parameters. Attackers can send GET requests to with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.

Affected Versions

Open ISES Project <= 3.30A

Remediation

- Update to the latest version
- Strictly validate and filter input parameters
- Use parameterized queries or prepared statements to prevent SQL injection

References

- ExploitDB-45645
- Official Product Homepage
- Product Reference

Additional Information

Severity: HIGH
Date: 5/29/2026
CVE: CVE-2018-25399
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
CVSS: 8.8
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Credit: Ihsan Sencan