CVE-2018-25424

EUVD-2018-21946
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Common Weakness Enumeration
References
http://www.livebms.com
https://netcologne.dl.sourceforge.net/project/gatepass/gpms_Update.zip
https://www.exploit-db.com/exploits/45766
https://www.vulncheck.com/advisories/gate-pass-management-system-sql-injection-via-login-exec-php