Platform: other
Component: sat-cfdi
Fixed in: 3.3.1
CVE-2018-25202 represents a significant SQL injection vulnerability identified in SAT CFDI version 3.3. This flaw enables attackers to inject malicious SQL code through the 'id' parameter within the signIn endpoint, potentially leading to data breaches and system compromise. Prompt remediation is essential to protect sensitive information.
An attacker exploiting CVE-2018-25202 can inject SQL code through the 'id' parameter in the signIn endpoint of SAT CFDI 3.3. This allows them to manipulate database queries, potentially extracting sensitive data such as user credentials, financial information, and transaction details. Attackers can utilize boolean-based blind, stacked queries, or time-based blind SQL injection techniques to bypass security measures. Successful exploitation could lead to unauthorized access to the application and its underlying data, potentially impacting the confidentiality and integrity of the system. The blast radius includes all data accessible through the database.
CVE-2018-25202 was published on 2026-03-26. Its severity is rated as HIGH with a CVSS score of 8.2. Public proof-of-concept (POC) code may exist, increasing the likelihood of exploitation. The vulnerability is not currently listed on KEV or EPSS, suggesting a low to medium probability of active exploitation at this time. Monitor security advisories and threat intelligence feeds for any indications of exploitation campaigns targeting SAT CFDI.
Organizations utilizing SAT CFDI version 3.3, particularly those with sensitive data stored within the application's database, are at risk. Shared hosting environments where multiple users share the same SAT CFDI instance are also particularly vulnerable, as a compromise of one user's account could potentially lead to the compromise of the entire system.
• linux / server:
  journalctl -u satcfdi -g "SQL injection"
• generic web:
  curl -X POST -d "id='; DROP TABLE users;--" https://<satcfdi_server>/signIn | grep -i "error"
• database (mysql):
  mysql -u <user> -p -e "SHOW GRANTS FOR '<user>'@'%'"
Disclosure
Exploit status
EPSS: 0.04% (13th percentile)
CISA SSVC
CVSS vector
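The journalctl check above only works if the application itself logs the words "SQL injection". A more robust detection, added here as an example that is not part of the advisory or of SAT CFDI, is to allow-list the shape of the 'id' parameter on the signIn endpoint and flag every request that does not match. The path /signIn, the combined log format, and the log lines themselves are constructed assumptions for this demonstration; note that it only sees an 'id' sent in the query string, so form-POST bodies like the curl example need application-level request logging to be visible.

```python
"""Flag signIn requests whose 'id' parameter is not a plain decimal identifier.

Added example (not SAT CFDI code). Assumes an Apache/nginx combined-format
access log and that the signIn endpoint is called with an 'id' parameter in
the query string. All sample log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log: one benign call, one carrying the advisory's
# example payload, one non-numeric id, and one request to an unrelated path.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Mar/2026:10:01:02 +0000] "GET /signIn?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [26/Mar/2026:10:01:07 +0000] "GET /signIn?id=42%27%3B%20DROP%20TABLE%20users%3B-- HTTP/1.1" 500 0 "-" "python-requests/2.31"
10.0.0.9 - - [26/Mar/2026:10:01:09 +0000] "GET /signIn?id=abc HTTP/1.1" 200 498 "-" "python-requests/2.31"
10.0.0.7 - - [26/Mar/2026:10:02:30 +0000] "GET /index.php?id=%27 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Allow-list: a legitimate id is a short decimal number and nothing else.
# Anything outside this shape is reported, so no signature list is needed.
ID_OK = re.compile(r'\d{1,10}')


def suspicious_signin_requests(log_text):
    """Return one record per signIn request whose 'id' fails the allow-list."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; skip rather than crash the scan
        parts = urlsplit(m['target'])
        if not parts.path.endswith('/signIn'):
            continue  # only the endpoint named in the advisory is of interest
        # parse_qs percent-decodes values, so we inspect what the app would see
        for value in parse_qs(parts.query, keep_blank_values=True).get('id', []):
            if ID_OK.fullmatch(value) is None:
                hits.append({'ip': m['ip'], 'ts': m['ts'],
                             'status': int(m['status']), 'id': value})
    return hits


if __name__ == '__main__':
    for hit in suspicious_signin_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} id={hit['id']!r}")
```

Because the check is an allow-list on the parameter's shape rather than a list of attack strings, it also catches encoded or obfuscated variants; the price is that every non-numeric id, malicious or not, shows up and must be triaged.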
The recommended mitigation for CVE-2018-25202 is to upgrade to a patched version of SAT CFDI. Unfortunately, no specific fixed version is listed. As a temporary workaround, implement strict input validation on the 'id' parameter, limiting the allowed characters and length. A Web Application Firewall (WAF) configured to detect and block SQL injection attempts targeting the signIn endpoint is crucial. Regularly review and update WAF rules to address emerging threats. Implement robust logging and monitoring to detect suspicious activity. After applying mitigation, verify the fix by attempting to access the signIn endpoint with a deliberately crafted SQL injection payload; it should be blocked.
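To make the workaround concrete, here is an added example (not SAT CFDI's code; the table, schema and function names are assumptions for the demonstration) of the pattern that closes this class of bug: a sign-in lookup that splices the 'id' parameter into the SQL text, shown beside a hardened version that first allow-lists the parameter's shape and then passes it as a bound parameter. The two layers are independent, so the example also shows that parameterization alone keeps an injected string from changing the query.

```python
"""Vulnerable string-built lookup beside a validated, parameterized one.

Added example, not SAT CFDI code. The 'users' table, the sign-in lookup
by 'id' and the function names are assumptions for this demonstration;
sqlite3 stands in for whatever database the application uses.
"""
import re
import sqlite3

# Allow-list for the 'id' parameter: a short decimal identifier only.
ID_OK = re.compile(r'\d{1,10}')


def make_db():
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)')
    conn.executemany('INSERT INTO users VALUES (?, ?, ?)', [
        (1, 'alice', 'alice@example.com'),
        (2, 'bob', 'bob@example.com'),
    ])
    return conn


def lookup_vulnerable(conn, user_id):
    """BAD: the untrusted value becomes part of the SQL text itself."""
    sql = 'SELECT id, username FROM users WHERE id = ' + user_id
    return conn.execute(sql).fetchall()


def is_valid_id(user_id):
    """Layer 1: reject anything that is not a plain decimal identifier."""
    return isinstance(user_id, str) and ID_OK.fullmatch(user_id) is not None


def lookup_parameterized_only(conn, user_id):
    """Layer 2 on its own: the driver sends the value separately from the
    SQL text, so its contents can never be parsed as SQL."""
    return conn.execute('SELECT id, username FROM users WHERE id = ?', (user_id,)).fetchall()


def lookup_hardened(conn, user_id):
    """Both layers: validate the shape, then bind the typed value."""
    if not is_valid_id(user_id):
        raise ValueError('id must be a decimal identifier')
    return conn.execute('SELECT id, username FROM users WHERE id = ?', (int(user_id),)).fetchall()


if __name__ == '__main__':
    conn = make_db()
    # Textbook tautology: the vulnerable query returns every user.
    print('vulnerable:', lookup_vulnerable(conn, '1 OR 1=1'))
    # Same input as a bound parameter is just a string that matches nothing.
    print('parameterized:', lookup_parameterized_only(conn, '1 OR 1=1'))
    # The advisory's own payload never reaches the database at all.
    print('validator:', is_valid_id("1'; DROP TABLE users;--"))
```

Input validation is the quick mitigation the advisory asks for, but parameterization is the durable fix: it holds even for fields whose legitimate values cannot be reduced to a simple allow-list, and it does not depend on a WAF rule being up to date.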
Update to a patched version of the SAT CFDI 3.3 software that fixes the SQL injection vulnerability. Contact the vendor (Wecodex) to obtain the updated version or follow its security recommendations.
CVE-2018-25202 is a SQL Injection vulnerability affecting SAT CFDI version 3.3, allowing attackers to inject SQL code via the 'id' parameter in the signIn endpoint to potentially extract sensitive data.
If you are using SAT CFDI version 3.3, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of SAT CFDI. As a temporary workaround, implement WAF rules and input validation.
There is currently no public evidence of CVE-2018-25202 being actively exploited, but the vulnerability's nature makes it a potential target.
Refer to the SAT CFDI vendor's official security advisory for detailed information and remediation steps related to CVE-2018-25202.