← Zuruck zu CVEs
CVE-2018-25129
HIGH7.5
Beschreibung
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/24/2025
Zuletzt geandert12/29/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-639
Referenzen
http://www.socatech.com(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46832(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.