CVE-2018-25163 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 6, 2026
BitZoom - SQL Injection
Published: March 6, 2026 | Updated: March 6, 2026 | Remote Exploitable
Overview
BitZoom 1.0 contains a SQL injection vulnerability caused by unsanitized input in the rollno and username parameters in forgot.php and login.php, which lets unauthenticated attackers execute arbitrary SQL queries remotely.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary SQL queries, potentially leading to data disclosure and database compromise.
Mitigation
Update to the latest version of BitZoom.
Details
- CVE ID: CVE-2018-25163
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N