CVE-2018-25201
SQL Injection in School Management System CMS 1.0 Admin Login Enables Authentication Bypass
Publication date: 2026-03-26
Last updated on: 2026-03-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wecodex | school_management_system_cms | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to bypass authentication and gain administrator access without valid credentials by exploiting an SQL injection flaw in the admin login functionality.
Such unauthorized access to administrative functions could potentially lead to unauthorized access to sensitive personal or protected data managed by the system.
This unauthorized access and potential data compromise may negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and proper access controls.
Can you explain this vulnerability to me?
CVE-2018-25201 is an SQL injection vulnerability found in the School Management System CMS version 1.0 and earlier. It exists in the admin login functionality, specifically in the username parameter of the processlogin endpoint.
Attackers can exploit this flaw by injecting malicious SQL code using boolean-based blind SQL injection techniques. This allows them to bypass authentication and gain administrator access without valid credentials.
The vulnerability arises because the application fails to properly sanitize user input before including it in SQL queries, making it susceptible to injection attacks.
How can this vulnerability impact me? :
This vulnerability allows an attacker to bypass the admin login authentication and gain unauthorized administrator access to the School Management System CMS.
With administrator access, the attacker can potentially access or modify sensitive data within the underlying database, compromise the integrity of the system, and exploit further latent vulnerabilities.
The impact includes a high confidentiality risk due to unauthorized data access, while integrity impact is low and availability is not affected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the admin login functionality, specifically the 'username' parameter of the processlogin endpoint, for SQL injection using boolean-based blind SQL injection techniques.
One approach is to send specially crafted POST requests to the endpoint `/school/maestro/index.php?view=processlogin` with payloads designed to trigger SQL injection responses.
For example, you can use curl or similar tools to send a payload like:
- curl -X POST -d 'username=admin") RLIKE (SELECT (CASE WHEN (1=1) THEN 0x61646d696e ELSE 0x28 END)) AND ("YAQS"="YAQS'&password=any' http://target/school/maestro/index.php?view=processlogin
If the response differs based on the injected condition (true or false), it indicates the presence of a boolean-based blind SQL injection vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict access to the admin login endpoint to trusted IP addresses or networks to reduce exposure.
- Implement input validation and sanitization on the 'username' parameter to prevent SQL injection.
- Use parameterized queries or prepared statements in the backend code to safely handle user inputs.
- Monitor logs for suspicious login attempts or unusual patterns that may indicate exploitation attempts.
Ultimately, update or patch the School Management System CMS to a version where this vulnerability is fixed or apply custom code fixes to prevent SQL injection.