Home / Vulnerability Intelligence / CVE-2018-25196

CVE-2018-25196 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

ServerZilla - SQL Injection

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

ServerZilla 1.0 contains an sql injection caused by unsanitized input in the email parameter in reset.php, letting unauthenticated attackers bypass authentication and extract sensitive database information.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass authentication and extract sensitive database information.

Mitigation

Update to the latest version of ServerZilla.

References

https://www.exploit-db.com/exploits/45817
https://www.vulncheck.com/advisories/serverzilla-sql-injection-via-email-parameter

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25196
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N