Home / Vulnerability Intelligence / CVE-2018-25183

CVE-2018-25183 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 27, 2026

Shipping System CMS - Authentication Bypass

Published: March 26, 2026Updated: March 27, 2026PoC AvailableRemote Exploitable

Overview

Shipping System CMS 1.0 contains an sql injection caused by unsanitized input in the username parameter at the admin login endpoint, letting unauthenticated attackers bypass authentication using boolean-based blind SQL injection.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass authentication, gaining unauthorized access to the system.

Mitigation

Update to the latest version of Shipping System CMS.

References

https://www.exploit-db.com/exploits/44722
https://www.vulncheck.com/advisories/shipping-system-cms-sql-injection-via-admin-login
https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25183
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: confirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N