CVE-2018-25195 HIGH

CVE-2018-25195: Wecodex Hotel CMS 1.0 SQL Injection via Admin Login

Vendor Wecodex
Product Wecodex Hotel CMS
Weakness CWE-89 · SQLi
Published March 26, 2026
Last update March 28, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.

Key dates

02Disclosure timeline

March 26, 2026 CVE published
March 28, 2026 Record updated