CVE-2018-25128

HIGH

SOCA Access Control System 180612 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25128. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates SQL injection and authentication bypass vulnerabilities in SOCA Access Control System versions 180612, 170000, and 141007. It includes proof-of-concept curl commands to bypass authentication and extract sensitive data such as user credentials and table structures from the database.

Description

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/46833

View Code ZIP pw:eip

This exploit demonstrates SQL injection and authentication bypass vulnerabilities in SOCA Access Control System versions 180612, 170000, and 141007. It includes proof-of-concept curl commands to bypass authentication and extract sensitive data such as user credentials and table structures from the database.

Classification

Working Poc 100%

Attack Type

Sqli | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SOCA Access Control System (versions 180612, 170000, 141007)

No auth needed

Prerequisites: Network access to the target system · SOCA Access Control System running a vulnerable version

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46833

Various Sources product

http://www.socatech.com

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php

Scores

CVSS v3 8.2

EPSS 0.0035

EPSS Percentile 27.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (3)

SOCA Technology Co., Ltd/SOCA Access Control System 141007

SOCA Technology Co., Ltd/SOCA Access Control System 170000

SOCA Technology Co., Ltd/SOCA Access Control System 180612

Published Dec 24, 2025

Tracked Since Feb 18, 2026