
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 17:11:07

Source:

nvd.nist.gov


Enterprise Applications, Database & Storage, Web Technologies

MaxOn ERP Software versions 8.x-9.x contain an SQL injection vulnerability in the log_activity function. Authenticated attackers can exploit the nomor, user, and jenis parameters by sending malicious POST requests to /index.php/user/log_activity. The vulnerability allows execution of arbitrary SQL queries to extract sensitive database information, including version details and database names. The flaw affects the log_activity function and can be exploited through parameter manipulation in POST requests.
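
Detection logic for the request pattern described above, added here as an example and not taken from the advisory or the vendor: it flags POST requests to /index.php/user/log_activity whose nomor, user or jenis value carries SQL syntax, including double-URL-encoded values. The tab-separated log layout, the marker list and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "/index.php/user/log_activity"  # path named in the advisory
PARAMS = {"nomor", "user", "jenis"}        # parameters named in the advisory

# Heuristic (assumed) markers of SQL syntax in a form value; tune to real traffic.
SQL_MARKERS = re.compile(
    r"['\"`;]|--|/\*|#|\b(?:union|select|sleep|benchmark|information_schema)\b"
    r"|\b(?:version|database)\s*\(", re.I)

def suspicious_params(method, url, body):
    """Return names of advisory parameters whose decoded value has SQL markers."""
    if method.upper() != "POST" or urlsplit(url).path.rstrip("/") != ENDPOINT:
        return []
    flagged = set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        candidates = (value, unquote_plus(value))
        if name in PARAMS and any(SQL_MARKERS.search(v) for v in candidates):
            flagged.add(name)
    return sorted(flagged)

def scan(lines):
    """Return (timestamp, source, flagged_params) for each suspicious line.
    Assumed layout: timestamp, source IP, method, URL, POST body (tab-separated)."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed layout
        ts, src, method, url, body = parts
        flagged = suspicious_params(method, url, body)
        if flagged:
            hits.append((ts, src, flagged))
    return hits

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    "2026-05-29T10:00:01Z\t198.51.100.7\tPOST\t/index.php/user/log_activity\tnomor=INV-1042&user=budi&jenis=login",
    "2026-05-29T10:00:09Z\t198.51.100.7\tPOST\t/index.php/user/log_activity\tnomor=1%27+UNION+SELECT+version%28%29--+&user=budi&jenis=login",
    "2026-05-29T10:00:15Z\t198.51.100.7\tPOST\t/index.php/user/log_activity\tnomor=7&user=budi&jenis=x%2527%2520OR%25201%253D1",
    "2026-05-29T10:00:20Z\t198.51.100.7\tPOST\t/index.php/user/profile\tuser=o'brien",
]

if __name__ == "__main__":
    for ts, src, params in scan(SAMPLE_LOG):
        print(ts, src, "suspicious:", ",".join(params))
```

Legitimate values that contain an apostrophe or a listed keyword will also match, so treat hits as leads for review rather than confirmed exploitation.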

Technical details

Mitigation steps:

Affected products:

MaxOn ERP Software

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
