1. Home
  2. CVE Database
  3. CVE-2018-25128
HIGH · 8.2

CVE-2018-25128

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authenti...

Vulnerability Description

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2018-25128?

CVE-2018-25128 is a vulnerability with a CVSS score of 8.2 (HIGH). SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authenti...

How severe is CVE-2018-25128?

CVE-2018-25128 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25128?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.