CVE-2018-25194

HIGH

Nominas 0.27 - Unauthenticated SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25194. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This is a functional SQL injection exploit for Nominas 0.27, demonstrating a UNION-based attack via the 'username' parameter in the login form. The payload extracts database metadata (user, database name, and version) and is confirmed to work on the specified software version.

Description

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection payloads to extract database information including usernames, database names, and version details.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45820

This is a functional SQL injection exploit for Nominas 0.27, demonstrating a UNION-based attack via the 'username' parameter in the login form. The payload extracts database metadata (user, database name, and version) and is confirmed to work on the specified software version.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Nominas 0.27
No auth needed
Prerequisites: access to the login endpoint · PHPSESSID cookie handling
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45820

Scores

CVSS v3 8.2
EPSS 0.0031
EPSS Percentile 22.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026