Back

Critical SQL Injection Vulnerability in Gate Pass Management System Disclosed

Severity: High (Score: 74.0)

Sources: vulners.com, vuldb.com, Feedly, www.incibe.es, cve.akaoma.com

Published: 2026-05-30 · Updated: 2026-05-31

Keywords: cve-2018-25424, injection, gate, pass, management, system, contains

Severity indicators: vulnerability, vulnerabilities, sql injection, credentials, CVE:CVE-2018-25424, CVE:CVE-2018-25424, CVE:CVE-2018-25424

Summary

CVE-2018-25424 has been identified in Gate Pass Management System 2.1, allowing unauthenticated attackers to exploit an SQL injection vulnerability via the login-exec.php endpoint. Attackers can bypass authentication by injecting SQL code through the login and password parameters, gaining unauthorized access to the application. The vulnerability has been assigned a CVSS score of 8.2, indicating a severe risk. Currently, there is no public proof-of-concept or evidence of active exploitation. Security professionals are urged to implement mitigation strategies, including parameterized queries and input validation. The vulnerability was published on 2026-05-30, and immediate action is recommended to prevent potential breaches. Key Points: • CVE-2018-25424 allows SQL injection in Gate Pass Management System 2.1. • Unauthenticated attackers can bypass authentication and gain full access. • Mitigation strategies include input validation and using parameterized queries.

Detailed Analysis

**Impact** The vulnerability affects Gate Pass Management System version 2.1, allowing unauthenticated attackers to bypass authentication and gain unauthorized access. The scope includes any organization using this system, potentially exposing sensitive access control data and operational processes. No specific sectors, geographic locations, or numbers of affected entities are provided. The unauthorized access could lead to compromised gate management operations and data confidentiality breaches. **Technical Details** The attack vector is an SQL injection vulnerability (CVE-2018-25424) in the login-exec.php endpoint, exploited via crafted POST requests injecting SQL code into the login and password parameters. The vulnerability allows authentication bypass without valid credentials. No malware or specific tools are mentioned. The CVSS base score is 8.2, indicating high severity. No indicators of compromise (IOCs) or evidence of active exploitation are reported. **Recommended Response** Implement parameterized queries or prepared statements in the login-exec.php endpoint to prevent SQL injection. Apply strict input validation and sanitization on login and password parameters. Deploy a Web Application Firewall (WAF) with SQL injection detection rules and consider rate limiting login attempts. Monitor for unusual authentication attempts and upgrade to a patched version of the Gate Pass Management System if available; no patch details are currently provided.

Source articles (5)

  • CVE-2018-25424 - Exploits & Severity — Feedly · 2026-05-30
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) Gate Pass Management System 2.1 contains an SQL injection vulnerability in the login-exec.php endpoint. Un…
  • CVE-2018-25424 INCIBE-CERT - Vulnerabilities RSS / 2h Gravedad 3.1 (CVSS 3.1 Base Score) Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score) — www.incibe.es · 2026-05-30
    Puntuación base: 8.80 ALTA Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Vector de acceso (AV): A través de red Complejidad de acceso (AC): Bajo Attack Requirements (AT): Nin…
  • CVE-2018-25424 AKAOMA CVE VULNERABILITIES / 6h Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application. — cve.akaoma.com · 2026-05-30
    8.2 /10 Severe Risk Cybersecurity professionals consider CVE-2018-25424 an immediate threat requiring urgent mitigation. Cybersecurity professionals consider CVE-2018-25424 an immediate threat requiri…
  • CVE-2018-25424 Vulners.com RSS Feed / 6h Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application... — vulners.com · 2026-05-30
  • CVE-2018-25424 | Livebms Gate Pass Management System 2.1 POST login-exec.php sql injection (Exploit 45766) VulDB Recent Entries / 6h A vulnerability marked as critical has been reported in Livebms Gate Pass Management System 2.1 . This affects an unknown function of the file login-exec.php of the component POST Handler . This manipulation causes sql injection. This vulnerability is handled as CVE-2018-25424 . The attack can be initiated remotely. Additionally, an exploit exists. — vuldb.com · 2026-05-30

Timeline

  • 2026-05-30 — CVE-2018-25424 published: Details of the SQL injection vulnerability in Gate Pass Management System 2.1 were published, highlighting the risk of unauthorized access.
  • 2026-05-30 — CVE-2018-25424 acknowledged as an immediate threat: Cybersecurity professionals have classified the vulnerability as requiring urgent mitigation due to its severity.

CVEs

  • CVE-2018-25424

Related entities

  • Sql Injection (Attack Type)
  • Cwe-89 - SQL Injection (Cwe)
  • T1190 - Exploit Public-Facing Application (Mitre Attack)
  • 6h Gate Pass Management System 2.1 (Platform)
  • PHP (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed