LeakyCreds

CVE-2018-25204 - Vulnerability Analysis

High | CVSS: 8.2

Last Updated: March 26, 2026

Library CMS - Authentication Bypass

Published: March 26, 2026 | Updated: March 26, 2026 | Remote Exploitable

Overview

Library CMS 1.0 contains a SQL injection vulnerability caused by unsanitized input in the username parameter of the admin login endpoint, which lets unauthenticated attackers bypass authentication by injecting SQL code.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Unauthenticated attackers can bypass authentication and gain unauthorized access to the system.

Mitigation

Update to the latest version of Library CMS.

Details

CVE ID: CVE-2018-25204
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N