CVE-2018-25163 HIGH

CVE-2018-25163: BitZoom 1.0 SQL Injection via rollno Parameter

Vendor Bitzoom
Product BitZoom
Weakness CWE-89 · SQLi
Published March 6, 2026
Last update March 9, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.

Key dates

02Disclosure timeline

March 6, 2026 CVE published
March 9, 2026 Record updated