CVE-2018-25185

HIGH

Wecodex Restaurant CMS 1.0 SQL Injection via Login

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25185. PoCs published by AkkuS.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Wecodex Restaurant CMS 1.0 via the login functionality. It includes payloads for boolean-based blind and time-based blind SQL injection attacks.

Description

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by AkkuS · textwebappsphp
https://www.exploit-db.com/exploits/44730

This exploit demonstrates a SQL injection vulnerability in Wecodex Restaurant CMS 1.0 via the login functionality. It includes payloads for boolean-based blind and time-based blind SQL injection attacks.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Wecodex Restaurant CMS 1.0
No auth needed
Prerequisites: access to the login page
devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-44730
https://www.exploit-db.com/exploits/44730
Third Party Advisory third-party-advisory
VulnCheck Advisory: Wecodex Restaurant CMS 1.0 SQL Injection via Login
https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login

Scores

CVSS v3 8.2
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
wecodex/restaurant_cms 1.0
Wecodex/Wecodex Restaurant CMS 1.0
Published Mar 26, 2026
Tracked Since Mar 26, 2026