Home / Vulnerability Intelligence / CVE-2018-25161

CVE-2018-25161 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

Warranty Tracking System - SQL Injection

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

Warranty Tracking System 11.06.3 contains an sql injection caused by unsanitized input in txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php, letting attackers execute arbitrary SQL queries and extract sensitive database information, exploit requires crafted SQL injection.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Attackers can execute arbitrary SQL queries to extract sensitive database information including usernames and version details.

Mitigation

Update to the latest version.

References

https://www.exploit-db.com/exploits/45881
https://www.vulncheck.com/advisories/warranty-tracking-system-sql-injection-via-searchcustomerphp

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25161
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N