CVE-2018-25183

HIGH

Shipping System CMS 1.0 SQL Injection via admin login

Title source: cna

Description

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/44722

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44722

https://www.exploit-db.com/exploits/44722

Product product

Official Product Homepage

https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4

Third Party Advisory third-party-advisory

VulnCheck Advisory: Shipping System CMS 1.0 SQL Injection via admin login

https://www.vulncheck.com/advisories/shipping-system-cms-sql-injection-via-admin-login

Scores

CVSS v3 8.2

EPSS 0.0043

EPSS Percentile 62.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Wecodex/Shipping System CMS 1.0

wecodex/shipping_system_cms 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026