CVE-2018-25201

HIGH

7.1

Descripcion

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques to the processlogin endpoint to authenticate as administrator without valid credentials.

Detalles CVE

Puntuacion CVSS v3.17.1

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado3/26/2026

Ultima modificacion3/27/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

wecodex:school_management_system_cms

Debilidades (CWE)

CWE-89

Referencias

https://www.exploit-db.com/exploits/44727(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/school-management-system-cms-admin-login-sql-injection(disclosure@vulncheck.com)

https://www.wecodex.com/item/view/school-management-system-in-php-and-mysql/5(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.