exploitDog

GHSA-754f-6hrq-f5qh

Published: 24 Dec 2025
Source: github
Github: Not reviewed
CVSS4: 9.3
CVSS3: 8.2

Description

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.

EPSS

Percentile: 28%
0.00099
Low

9.3 Critical

CVSS4

8.2 High

CVSS3

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 8.2
nvd
about 2 months ago

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.
