LeakyCreds

CVE-2018-25202 - Vulnerability Analysis

High, CVSS: 8.2

Last Updated: March 26, 2026

SAT CFDI - SQL Injection

Published: March 26, 2026 | Updated: March 26, 2026 | Remote Exploitable

Overview

SAT CFDI 3.3 contains a SQL injection vulnerability caused by an unsanitized 'id' parameter in the signIn endpoint. It lets attackers manipulate database queries and extract sensitive data. Exploitation requires crafted POST requests.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Attackers can extract sensitive data or compromise the application by manipulating database queries.

Mitigation

Update to the latest version with SQL injection mitigations.

Details

CVE ID: CVE-2018-25202
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N