CVE-2018-25185

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-25185
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.exploit-db.com/exploits/44730 Exploit VDB Entry
https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login Third Party Advisory
https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:wecodex:restaurant_cms:1.0:*:*:*:*:*:*:*
History

27 Mar 2026, 21:00

Type Values Removed Values Added
First Time Wecodex restaurant Cms
Wecodex
CPE cpe:2.3:a:wecodex:restaurant_cms:1.0:*:*:*:*:*:*:*
References () https://www.exploit-db.com/exploits/44730 - () https://www.exploit-db.com/exploits/44730 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login - () https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login - Third Party Advisory
References () https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6 - () https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6 - Broken Link
Summary
  • (es) Wecodex Restaurant CMS 1.0 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados manipular consultas de base de datos inyectando código SQL a través del parámetro username. Los atacantes pueden enviar solicitudes POST al endpoint de inicio de sesión con cargas útiles SQL maliciosas utilizando técnicas ciegas basadas en booleanos o ciegas basadas en tiempo para extraer información sensible de la base de datos.

26 Mar 2026, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-26 12:16

Updated : 2026-03-27 21:00

NVD link : CVE-2018-25185

Mitre link : CVE-2018-25185

CVE.ORG link : CVE-2018-25185

JSON object : View

Products Affected

wecodex

  • restaurant_cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')