CVE-2018-25204

HIGH

Library CMS 1.0 SQL Injection via admin login

Title source: cna

Description

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access.

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/44728

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44728

https://www.exploit-db.com/exploits/44728

Product product

Official Product Homepage

https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1

Third Party Advisory third-party-advisory

VulnCheck Advisory: Library CMS 1.0 SQL Injection via admin login

https://www.vulncheck.com/advisories/library-cms-sql-injection-via-admin-login

Scores

CVSS v3 8.2

EPSS 0.0043

EPSS Percentile 62.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Wecodex/Library CMS 1.0

wecodex/library_cms 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026