CVE-2018-25167 — HIGH (8.2)

Vulnerability Description

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, passwords, and system credentials.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2018-25167?

CVE-2018-25167 is a vulnerability with a CVSS score of 8.2 (HIGH). Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicio...

How severe is CVE-2018-25167?

CVE-2018-25167 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25167?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.