1. Home
  2. CVE Database
  3. CVE-2018-25163
HIGH · 8.2

CVE-2018-25163

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in for...

Vulnerability Description

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2018-25163?

CVE-2018-25163 is a vulnerability with a CVSS score of 8.2 (HIGH). BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in for...

How severe is CVE-2018-25163?

CVE-2018-25163 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25163?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.