CVE-2018-25173

HIGH

Rmedia SMS 1.0 - Unauthenticated SQL Injection via editgrp.php gid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25173. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Rmedia SMS 1.0 via the 'gid' parameter in 'editgrp.php'. The payload extracts schema names from the database using a time-based blind SQLi technique with error-based extraction.

Description

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45855

The exploit demonstrates a SQL injection vulnerability in Rmedia SMS 1.0 via the 'gid' parameter in 'editgrp.php'. The payload extracts schema names from the database using a time-based blind SQLi technique with error-based extraction.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Rmedia SMS 1.0
No auth needed
Prerequisites: access to the target web application · valid path to 'editgrp.php'
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45855

Scores

CVSS v3 8.2
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026