CVE-2018-25180

HIGH

Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25180. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates SQL injection and direct database file download vulnerabilities in Maitra Mail Tracking System 1.7.2. It includes functional HTTP requests to exploit SQLi via the 'mailid' parameter and to download the SQLite database file directly.

Description

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45841

The exploit demonstrates SQL injection and direct database file download vulnerabilities in Maitra Mail Tracking System 1.7.2. It includes functional HTTP requests to exploit SQLi via the 'mailid' parameter and to download the SQLite database file directly.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Maitra Mail Tracking System 1.7.2
Auth required
Prerequisites: network access to the target application · valid session cookie
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45841

Scores

CVSS v3 7.1
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026