CVE-2018-25183

HIGH

Shipping System CMS 1.0 SQL Injection via admin login

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25183. PoCs published by AkkuS.

AI-analyzed exploit summary This exploit demonstrates a boolean-based blind SQL injection vulnerability in Shipping System CMS 1.0 via the 'username' POST parameter during login. The payload uses MySQL RLIKE to bypass authentication by manipulating the query logic.

Description

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/44722

View Code ZIP pw:eip

This exploit demonstrates a boolean-based blind SQL injection vulnerability in Shipping System CMS 1.0 via the 'username' POST parameter during login. The payload uses MySQL RLIKE to bypass authentication by manipulating the query logic.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Shipping System CMS 1.0

No auth needed

Prerequisites: access to the login page · valid session cookie

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44722

https://www.exploit-db.com/exploits/44722

Product product

Official Product Homepage

https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4

Third Party Advisory third-party-advisory

VulnCheck Advisory: Shipping System CMS 1.0 SQL Injection via admin login

https://www.vulncheck.com/advisories/shipping-system-cms-sql-injection-via-admin-login

Scores

CVSS v3 8.2

EPSS 0.0052

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Wecodex/Shipping System CMS 1.0

wecodex/shipping_system_cms 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026