CVE-2018-25128

Sažetak

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.

Reference

http://www.socatech.com
https://www.exploit-db.com/exploits/46833
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

24-12-2025 - 21:15

Objavljeno

24-12-2025 - 20:15