
CVE-2018-25201 - Vulnerability Analysis

High | CVSS: 7.1

Last Updated: March 27, 2026

School Management System CMS - Authentication Bypass

Published: March 26, 2026 | Updated: March 27, 2026 | PoC Available | Remote Exploitable

Overview

School Management System CMS 1.0 contains a SQL injection vulnerability caused by improper sanitization of the username parameter in the admin login functionality. Attackers can bypass authentication via boolean-based blind SQL injection; exploitation requires sending a crafted payload to the processlogin endpoint.

Severity & Score

Severity: High
CVSS Score: 7.1

Impact

Attackers can bypass authentication and gain administrator access without valid credentials.

Mitigation

Update to the latest version with SQL injection fixes.
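
For teams maintaining their own login handlers, the following added example (not code from School Management System CMS or from this advisory) contrasts a login lookup that splices the username into the SQL text with a parameterized one, and includes a check that tells the two apart using a harmless username containing an apostrophe. The table layout, function names and credentials are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for an admin accounts table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("correct horse", salt)))
    return db

def _verify(row, password: str) -> bool:
    # Constant-time comparison of the stored and recomputed password hash.
    return row is not None and hmac.compare_digest(hash_pw(password, row[0]), row[1])

def login_concatenated(db, username: str, password: str) -> bool:
    # Weak pattern (CWE-89): the username becomes part of the SQL text,
    # so quote characters in it are parsed as SQL syntax.
    sql = "SELECT salt, pw_hash FROM admins WHERE username = '" + username + "'"
    return _verify(db.execute(sql).fetchone(), password)

def login_parameterized(db, username: str, password: str) -> bool:
    # Hardened pattern: the username is bound as data and never parsed as SQL.
    sql = "SELECT salt, pw_hash FROM admins WHERE username = ?"
    return _verify(db.execute(sql, (username,)).fetchone(), password)

def reaches_sql_parser(login, db, username: str) -> bool:
    """True if the username text is parsed as SQL (the driver reports a syntax error)."""
    try:
        login(db, username, "x")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    probe = "o'brien"  # constructed, legitimate-looking name with an apostrophe
    print("concatenated parses input as SQL:", reaches_sql_parser(login_concatenated, db, probe))
    print("parameterized parses input as SQL:", reaches_sql_parser(login_parameterized, db, probe))
    print("valid login still works:", login_parameterized(db, "admin", "correct horse"))
```

A regression test built on `reaches_sql_parser` can be run against every query that accepts user input, so a reintroduced string-built query fails the build.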

Details

CVE ID: CVE-2018-25201
Severity: High
CVSS Score: 7.1
Type: sql_injection
Status: confirmed

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N