CVE-2018-18803

CRITICAL

Curriculum Evaluation System - SQL Injection

Title source: rule

Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

CVSS v3 9.8

EPSS 0.0264

EPSS Percentile 85.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Status published

Products (1)

curriculum_evaluation_system_project/curriculum_evaluation_system 1.0

Published Nov 16, 2018

Tracked Since Feb 18, 2026