Home / Vulnerability Intelligence / CVE-2018-25185

CVE-2018-25185 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 26, 2026

Wecodex Restaurant CMS - SQL Injection

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

Wecodex Restaurant CMS 1.0 contains an sql injection caused by unsanitized input in the username parameter at the login endpoint, letting unauthenticated attackers extract sensitive database information via blind SQL techniques.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can extract sensitive database information, potentially compromising the entire database.

Mitigation

Update to the latest version of Wecodex Restaurant CMS.

References

https://www.exploit-db.com/exploits/44730
https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login
https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25185
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N