CVE-2018-25163
Severity: HIGH
BitZoom 1.0 - SQL Injection
Title source: llmDescription
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting SQL syntax through the rollno and username parameters of forgot.php and login.php. Attackers can submit crafted POST requests containing SQL UNION statements to extract database schema information and table contents from the application database.
Exploits: 1
Scores
CVSS v3: 8.2
EPSS: 0.0006
EPSS Percentile: 19.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Classification
CWE: CWE-89
Status: draft
Timeline
Published: Mar 06, 2026
Tracked Since: Mar 06, 2026