Platform
php
Component
wecodex-restaurant-cms
Fixed in
1.0.1
CVE-2018-25185 is a SQL injection vulnerability in Wecodex Restaurant CMS version 1.0. The login form passes the username parameter into a database query in a way that lets SQL syntax in the value alter the query, so an unauthenticated attacker who can reach the login page can inject SQL through that parameter, change the query's logic, and potentially read or modify data held in the CMS database.
The impact of CVE-2018-25185 mirrors that of CVE-2018-25183. Successful exploitation allows an attacker to bypass authentication and gain access to the Wecodex Restaurant CMS administrative interface. This can lead to data breaches, modification of critical data, and potential compromise of the entire system. Attackers can extract sensitive information stored in the database, such as customer details, menu information, and administrative credentials. The unauthenticated nature of the vulnerability makes it easily exploitable by anyone with access to the login page.
CVE-2018-25185 has a CVSS score of 8.2 (HIGH). It was published on 2026-03-26. Similar to CVE-2018-25183, this vulnerability is unauthenticated, making it easily exploitable. Public proof-of-concept exploits are likely to exist. It is not currently listed on CISA KEV.
Restaurants and businesses utilizing Wecodex Restaurant CMS version 1.0 are at significant risk. This includes establishments relying on the CMS for online ordering, reservation management, and customer data storage. Shared hosting environments are particularly vulnerable, as a compromised CMS instance could potentially impact other websites hosted on the same server.
• php: Examine web server access logs for requests to the login endpoint whose username parameter carries SQL syntax: a quote followed by OR or AND, a comment sequence such as --, or UNION SELECT. The payload is normally URL-encoded in the log (%27 for a quote, %20 for a space), so decode before matching. Note that a standard access log records only the request line, so parameters sent in a POST body are visible only in application logs, a WAF or ModSecurity audit log, or a reverse proxy configured to log request bodies.
• generic web: Use curl to send a non-destructive probe such as ' OR 1=1 -- in the username parameter and compare the response (status code, redirect target, error text, whether a session cookie is set) with a request that uses a clearly invalid username. Do not send destructive statements such as DROP TABLE against a system you are not authorized to damage. Example, with the hostname, endpoint path and parameter names as placeholders: curl -i --data-urlencode "username=' OR 1=1 -- " --data-urlencode "password=x" http://your-restaurant-cms/login
• database (mysql): If database access is possible, review the users table for accounts you did not create, check for unexpected changes to menu, order or customer data, and, if the MySQL general or audit log is enabled, search it for login queries whose WHERE clause contains a comment sequence or OR 1=1.
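The log check described in the first bullet, written out as an added example (not part of this page and not Wecodex code). It scans constructed combined-format access log lines, URL-decodes the username parameter where it appears in the request line, and flags SQL constructs that have no place in a username while leaving a legitimate apostrophe (o'brien) alone. It also counts POST requests to the login path whose parameters are not in the access log at all, which is the usual case and the reason POST bodies need a separate log source. The endpoint path /login, the parameter name, the sample lines and the indicator patterns are assumptions.

```python
import re
import urllib.parse

# Constructed sample lines in combined log format; not real Wecodex logs.
# The /login path and the username/password parameter names are assumptions.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Mar/2026:10:01:12 +0000] "POST /login HTTP/1.1" 302 512 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Mar/2026:10:01:40 +0000] "GET /login?username=alice&password=pw HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Mar/2026:10:02:03 +0000] "GET /login?username=%27%20OR%201%3D1%20--%20&password=x HTTP/1.1" 302 512 "-" "curl/8.0"
198.51.100.7 - - [26/Mar/2026:10:02:09 +0000] "GET /login?username=admin%27%20UNION%20SELECT%201%2C2%2C3--&password=x HTTP/1.1" 500 0 "-" "sqlmap/1.7"
192.0.2.9 - - [26/Mar/2026:10:03:00 +0000] "GET /login?username=o%27brien&password=pw HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Each pattern is a SQL construct that has no business in a username.
# A lone apostrophe is deliberately not enough on its own.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I), "tautology"),
    (re.compile(r"\bunion\s+(all\s+)?select\b", re.I), "union-select"),
    (re.compile(r";\s*(drop|delete|update|insert|alter)\b", re.I), "stacked-query"),
    (re.compile(r"\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I), "time-based"),
    (re.compile(r"(--|/\*|\*/)"), "comment"),
]


def classify(value):
    """Return the names of the injection indicators found in a decoded parameter value."""
    return [name for pattern, name in SQLI_PATTERNS if pattern.search(value)]


def username_from_target(target):
    """Extract and URL-decode the username parameter from a request target, or None."""
    query = urllib.parse.urlsplit(target).query
    values = urllib.parse.parse_qs(query).get("username")
    return values[0] if values else None


def scan_log(text, login_path="/login"):
    """Scan combined-format log lines for login requests with SQL syntax in username.

    Returns (hits, unobservable): hits are dicts describing suspicious requests;
    unobservable counts POST requests to the login path whose body, where the
    username normally travels, is not present in the access log at all.
    """
    hits, unobservable = [], 0
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or not m.group("target").startswith(login_path):
            continue
        username = username_from_target(m.group("target"))
        if username is None:
            if m.group("method") == "POST":
                unobservable += 1
            continue
        indicators = classify(username)
        if indicators:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "status": m.group("status"), "username": username,
                         "indicators": indicators})
    return hits, unobservable


if __name__ == "__main__":
    found, hidden = scan_log(SAMPLE_LOG)
    for hit in found:
        print(hit["ts"], hit["ip"], hit["status"], repr(hit["username"]), hit["indicators"])
    print("POST logins whose parameters are not in this log:", hidden)
```

On the constructed sample the scanner reports the two requests from 198.51.100.7 and one unobservable POST; in a real investigation that count is the reminder to pull the application or WAF log for the same time window.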
Disclosure
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2018-25185 is to upgrade to a patched version of Wecodex Restaurant CMS. The component metadata above lists 1.0.1 as the fixed version, but the CVE record itself does not name one, so confirm with the vendor that the release you deploy actually contains the fix. The root-cause fix is to rewrite the login query with parameterized queries or prepared statements (in PHP, PDO or mysqli with bound parameters) so that the username and password values are never concatenated into the SQL text. Input validation on the username parameter (an allow-list of characters and a length limit) is worth adding as defense in depth, but it is not a substitute for parameterization, and restricting usernames to plain alphanumerics may break accounts that use an e-mail address as the login name. A web application firewall configured to block SQL injection patterns adds a further layer, with the usual caveat that WAF rules can be bypassed. After applying the fix, retest the login with the standard probes (a quote followed by a comment sequence, OR 1=1, UNION SELECT) and confirm that they are treated as literal, non-matching credentials rather than changing the query.
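To make the root cause and the fix concrete, here is an added example (not the Wecodex code, which is PHP and is not reproduced on this page) that models the login query in Python against an in-memory SQLite database. The string-built query lets a quote plus a comment sequence in the username bypass the password check, while the parameterized version compares the same input literally and rejects it. The schema, the table and column names, the demo credentials and the allow-list character set are assumptions.

```python
import re
import sqlite3


def build_db():
    """Constructed demo schema; the real Wecodex Restaurant CMS schema is not known here."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    # Plaintext password only to keep the demo short; production code stores a password hash.
    conn.execute(
        "INSERT INTO users (username, password, role) VALUES ('admin', 's3cret', 'admin')"
    )
    return conn


def login_vulnerable(conn, username, password):
    """Login check that builds the query by string formatting.

    The username value becomes part of the SQL text, so a quote in it ends the
    string literal and whatever follows is parsed as SQL.  A trailing comment
    sequence (--) then discards the password check.  Returns the matched
    (username, role) row or None.
    """
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_hardened(conn, username, password):
    """Same check with a parameterized query.

    The values are bound by the driver, so a quote or comment sequence in the
    username is compared as data and never changes the query structure.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Defense in depth only: an allow-list for usernames.  It is not the fix; the
# parameterized query above is.  The permitted character set is an assumption
# chosen so that e-mail-style login names still pass.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def username_is_well_formed(username):
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = build_db()
    probes = [("admin", "s3cret"), ("admin' -- ", "wrong"), ("' OR 1=1 -- ", "wrong")]
    for user, pw in probes:
        print(repr(user),
              "vulnerable:", login_vulnerable(db, user, pw),
              "hardened:", login_hardened(db, user, pw),
              "well-formed:", username_is_well_formed(user))
```

Running the block shows the two injection probes logging in as admin through the string-built query and returning None through the parameterized one, which is exactly the before/after check the mitigation paragraph asks for.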
Upgrade to a patched version or apply the necessary security measures to prevent SQL injection. Consider migrating to a more secure and actively maintained content management system.
CVE-2018-25185 is a SQL injection vulnerability in Wecodex Restaurant CMS 1.0, allowing attackers to manipulate database queries via the username parameter.
If you are using Wecodex Restaurant CMS version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version; the component metadata above lists 1.0.1 as the fixed release, so confirm with the vendor that the version you deploy contains the fix.
The recommended fix is to upgrade to a patched version of Wecodex Restaurant CMS. Contact Wecodex support or monitor their website for security updates. If you cannot upgrade immediately, change the login code to use prepared statements; input validation alone is only a temporary, partial measure.
While no active exploitation is confirmed, the vulnerability's nature makes it likely that it could be exploited. Implement mitigations to reduce your risk.
Check the Wecodex website or contact their support team for the official advisory regarding CVE-2018-25185.