Vulnerability Description
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omran | Fikir Odalari Adminpando | <= 1.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLiExploitThird Party Advisory
- https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikExploitThird Party Advisory
- https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikExploitThird Party Advisory
FAQ
What is CVE-2025-10878?
CVE-2025-10878 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unau...
How severe is CVE-2025-10878?
CVE-2025-10878 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-10878?
Check the references section above for vendor advisories and patch information. Affected products include: Omran Fikir Odalari Adminpando.