CVE-2018-25195 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 27, 2026
Wecodex Hotel CMS - Authentication Bypass
Published: March 26, 2026 | Updated: March 27, 2026 | PoC Available | Remote Exploitable
Overview
Wecodex Hotel CMS 1.0 contains a SQL injection vulnerability caused by unsanitized input in the username parameter of the admin login functionality, letting unauthenticated attackers bypass authentication and extract sensitive data.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can bypass admin login and access sensitive database information, leading to full administrative control.
Mitigation
Update to the latest version with SQL injection fixes.
Details
- CVE ID: CVE-2018-25195
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: confirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N