Platform: php
Component: wecodex-restaurant-cms
Fixed in: 1.0.1
CVE-2018-25185 describes a SQL injection vulnerability discovered in Wecodex Restaurant CMS version 1.0. This flaw allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code through the username parameter. Successful exploitation could lead to unauthorized access to sensitive data, highlighting the need for immediate remediation.
The SQL injection vulnerability in Wecodex Restaurant CMS poses a significant risk to data confidentiality and integrity. An attacker could leverage this flaw to bypass authentication and directly interact with the underlying database. This allows for the extraction of sensitive information such as user credentials, customer data, menu details, and potentially even financial records. Depending on the database structure and permissions, an attacker might also be able to modify or delete data, leading to operational disruptions and reputational damage. The lack of authentication required for exploitation broadens the attack surface, making the system vulnerable to a wide range of malicious actors.
CVE-2018-25185 was published on 2026-03-26. While no public proof-of-concept (PoC) is explicitly mentioned, the nature of SQL injection vulnerabilities makes it likely that one exists or could be easily developed. The vulnerability's simplicity and lack of authentication requirements suggest a moderate probability of exploitation. It is not listed on the CISA KEV catalog at the time of this writing.
Exploit Status
EPSS: 0.11% (29th percentile)
The primary mitigation for CVE-2018-25185 is to upgrade to a patched version of Wecodex Restaurant CMS. As no fixed version is specified in the provided data, it is crucial to contact Wecodex support or monitor their website for security updates. In the interim, implement input validation and sanitization on the username parameter to prevent SQL injection attempts. Web application firewalls (WAFs) configured with rules to detect and block SQL injection payloads can provide an additional layer of defense. Regularly review database access logs for suspicious activity.
Update to a patched version or apply necessary security measures to prevent SQL injection. Consider migrating to a more secure and up-to-date content management system.
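The interim input validation and the query-level fix described above, as an added example that is not Wecodex code: the `users` table, its columns, the function names and the username allow-list pattern are assumptions, since the page does not show the application's schema or source. It runs against an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Assumed schema for the demo; the page does not show the real table or columns.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Interim control: allow-list the username parameter (assumed policy).
function is_valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $username) === 1;
}

// Query-level fix: the username is bound as a parameter and never concatenated
// into the SQL text, so quotes and comment markers are treated as data.
function authenticate(PDO $pdo, string $username, string $password): bool
{
    if (!is_valid_username($username)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = make_demo_db();
$cases = [ // constructed inputs, not taken from any real request
    ['admin', 'constructed-demo-password'],
    ['admin', 'wrong-password'],
    ["admin'--", 'anything'], // SQL metacharacters in the username
];
foreach ($cases as [$user, $pass]) {
    printf(
        "%-12s valid=%s auth=%s\n",
        json_encode($user),
        var_export(is_valid_username($user), true),
        var_export(authenticate($pdo, $user, $pass), true)
    );
}
```

The allow-list only narrows what reaches the query; the bound parameter is what keeps the username out of the SQL text, so it should stay in place even where validation is relaxed.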
CVE-2018-25185 is a SQL injection vulnerability in Wecodex Restaurant CMS 1.0, allowing attackers to manipulate database queries via the username parameter.
If you are using Wecodex Restaurant CMS version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Wecodex Restaurant CMS. Contact Wecodex support or monitor their website for security updates. Implement input validation as a temporary measure.
While no active exploitation is confirmed, the vulnerability's nature makes it likely that it could be exploited. Implement mitigations to reduce your risk.
Check the Wecodex website or contact their support team for the official advisory regarding CVE-2018-25185.