Plattform
php
Komponente
shipping-system-cms
Behoben in
1.0.1
CVE-2018-25183 details a SQL injection vulnerability present in Shipping System CMS version 1.0. An unauthenticated attacker can exploit this vulnerability by injecting malicious SQL code through the username parameter during the login process, effectively bypassing authentication. This allows unauthorized access to the CMS administrative interface.
The impact of CVE-2018-25183 is significant. Successful exploitation allows an attacker to bypass authentication and gain access to the Shipping System CMS administrative interface. From there, they can potentially modify or delete data, add or remove users, and compromise the entire system. The attacker could extract sensitive information stored in the database, including customer data, order details, and administrative credentials. The vulnerability's unauthenticated nature means that any user can attempt to exploit it, making it a high-priority security risk. This vulnerability is similar to many other SQL injection flaws that have led to data breaches and system compromises.
CVE-2018-25183 has a CVSS score of 8.2 (HIGH). It was published on 2026-03-26. The vulnerability is unauthenticated, making it easily exploitable. Public proof-of-concept exploits are likely to exist. It is not currently listed on CISA KEV.
Organizations using Shipping System CMS version 1.0, particularly those with publicly accessible admin login pages, are at significant risk. Shared hosting environments where multiple users share the same CMS instance are also vulnerable, as a compromise of one user could lead to the compromise of the entire system.
• php: Examine web server access logs for POST requests to the admin login endpoint containing suspicious SQL syntax in the username parameter (e.g., ';--, OR 1=1).
• generic web: Use curl to test the login endpoint with various SQL injection payloads in the username field and observe the response for unexpected behavior or errors.
curl -X POST -d "username=test;--&password=password" http://your-shipping-system-cms/admin/login.phpdisclosure
Exploit-Status
EPSS
0.40% (60% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2018-25183 is to upgrade to a patched version of Shipping System CMS. Unfortunately, a specific fixed version is not provided in the CVE data. As an immediate workaround, implement parameterized queries or prepared statements in the login functionality to prevent SQL injection. Input validation on the username parameter is also crucial, ensuring that only alphanumeric characters are allowed. Web application firewalls (WAFs) configured to detect and block SQL injection attempts can provide an additional layer of protection. After implementing mitigation, test the login functionality with various SQL injection payloads to confirm that the vulnerability is no longer exploitable.
Actualizar a una versión parcheada o aplicar las medidas de seguridad recomendadas por el proveedor para mitigar la vulnerabilidad de inyección SQL. Se recomienda contactar al proveedor para obtener un parche o instrucciones específicas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2018-25183 is a SQL Injection vulnerability affecting Shipping System CMS version 1.0, allowing attackers to bypass authentication.
If you are using Shipping System CMS version 1.0, you are potentially affected and should upgrade immediately.
Upgrade Shipping System CMS to a patched version. Implement input validation and WAF rules as temporary mitigations.
While no active campaigns are currently confirmed, public proof-of-concept exploits exist, increasing the risk of exploitation.
Refer to the Shipping System CMS website or security mailing list for the official advisory regarding CVE-2018-25183.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.