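Published 2026-03-26 11:39 | CVE-2018-25185 | CNA: VulnCheck
State: PUBLISHED | CVE record format 5.2 (not a CVSS score) | CWE-89 | CVSS 3.1 base score 8.2 (HIGH)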

Wecodex Restaurant CMS 1.0 SQL Injection via Login

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.

Problem type

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Wecodex

Wecodex Restaurant CMS

1.0 - AFFECTED (the record lists no fixed or unaffected version)

References

GitHub Security Advisories

GHSA-4j5p-2cxc-9j9x

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated...

https://github.com/advisories/GHSA-4j5p-2cxc-9j9x

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2018-25185
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2018-25185",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-03-26T13:38:07.688Z",
    "dateReserved": "2026-03-06T11:54:43.500Z",
    "datePublished": "2026-03-26T11:39:48.380Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-03-26T11:39:48.380Z"
      },
      "datePublic": "2018-05-23T00:00:00.000Z",
      "title": "Wecodex Restaurant CMS 1.0 SQL Injection via Login",
      "descriptions": [
        {
          "lang": "en",
          "value": "Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information."
        }
      ],
      "affected": [
        {
          "vendor": "Wecodex",
          "product": "Wecodex Restaurant CMS",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/44730",
          "name": "ExploitDB-44730",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6",
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login",
          "name": "VulnCheck Advisory: Wecodex Restaurant CMS 1.0 SQL Injection via Login",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Özkan Mustafa Akkuş (AkkuS)",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T13:38:07.688Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}