Home / Vulnerability Intelligence / CVE-2018-25192

CVE-2018-25192 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

GPS Tracking System - Authentication Bypass

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

GPS Tracking System 2.12 contains an sql injection caused by unsanitized input in the username parameter in login.php, letting unauthenticated attackers bypass authentication by injecting SQL code.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass authentication and gain unauthorized access to the system.

Mitigation

Update to the latest version.

References

https://www.exploit-db.com/exploits/45816
https://www.vulncheck.com/advisories/gps-tracking-system-sql-injection-via-username-parameter

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25192
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N