CVE-2018-25163

HIGH

BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25163. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in BitZoom 1.0 via the 'rollno' and 'username' parameters in forgot.php and login.php. It includes crafted HTTP POST requests with URL-encoded SQL payloads designed to extract database schema information.

Description

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45862

The exploit demonstrates SQL injection vulnerabilities in BitZoom 1.0 via the 'rollno' and 'username' parameters in forgot.php and login.php. It includes crafted HTTP POST requests with URL-encoded SQL payloads designed to extract database schema information.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: BitZoom 1.0
No auth needed
Prerequisites: access to the target web application
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45862

Scores

CVSS v3 8.2
EPSS 0.0024
EPSS Percentile 15.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026