CVE-2018-25195

HIGH

Wecodex Hotel CMS 1.0 SQL Injection via Admin Login

Title source: cna
STIX 2.1

Description

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.

Exploits (1)

exploitdb WORKING POC
by AkkuS · textwebappsphp
https://www.exploit-db.com/exploits/44729

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-44729
https://www.exploit-db.com/exploits/44729
Third Party Advisory third-party-advisory
VulnCheck Advisory: Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
https://www.vulncheck.com/advisories/wecodex-hotel-cms-sql-injection-via-admin-login

Scores

CVSS v3 8.2
EPSS 0.0043
EPSS Percentile 62.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
wecodex/hotel_cms 1.0
Wecodex/Wecodex Hotel CMS 1.0
Published Mar 26, 2026
Tracked Since Mar 26, 2026