SQL Injection Vulnerabilities Discovered in E-Commerce and CMS Platforms
Severity: Medium (Score: 54.9)
Sources: Nvd.Nist
Summary
Two significant SQL injection vulnerabilities have been identified in widely used software. CVE-2018-25210 affects WebOfisi E-Ticaret 4.0, allowing unauthenticated attackers to manipulate database queries via the 'urun' GET parameter; both boolean-based blind and error-based injection techniques are possible. CVE-2018-25183 impacts Shipping System CMS 1.0, enabling attackers to bypass authentication by injecting SQL through the username parameter, which grants unauthorized access via the admin login endpoint. Both vulnerabilities were published on March 26, 2026, and pose a significant risk to users of these platforms. Immediate action is recommended to mitigate potential exploitation.
Key Points
- CVE-2018-25210 allows SQL injection in WebOfisi E-Ticaret 4.0.
- CVE-2018-25183 enables authentication bypass in Shipping System CMS 1.0.
- Both vulnerabilities were published on March 26, 2026, indicating recent discoveries.
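The login-bypass pattern behind CVE-2018-25183, and the query-string injection behind CVE-2018-25210, both come down to user input being spliced into SQL text. The following added example (not code from WebOfisi E-Ticaret or Shipping System CMS, and not from the advisory) shows the anti-pattern next to its parameterized fix against an in-memory SQLite database with a constructed demo account, plus a coarse log-review heuristic for spotting injection probes in request parameters. The account data, the `looks_like_sqli_probe` regex and the unsalted hashing are assumptions made to keep the demo small.

```python
"""Vulnerable vs. parameterized login query (added demo, not code from either product)."""
import hashlib
import re
import sqlite3

# Constructed demo account. The password hashing is deliberately minimal
# (unsalted SHA-256) so the example stays focused on query construction;
# a real system should use a salted, slow KDF.
DEMO_USERS = [("admin", "correct-horse-battery-staple")]


def _pw_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def build_demo_db() -> sqlite3.Connection:
    """In-memory users table populated with the constructed demo account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, _pw_hash(p)) for u, p in DEMO_USERS],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The anti-pattern: input is formatted straight into the SQL string.

    Whatever the caller types becomes part of the query grammar, so a quote
    and a comment marker in the username cut the password check off the
    statement. This is the shape of bug the advisory describes for the CMS login.
    """
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{_pw_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: a parameterized query. Input is bound as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, _pw_hash(password)),
    ).fetchone()
    return row is not None


# Coarse log-review heuristic (an assumption; tune it per application). It
# flags parameter values that combine a quote with SQL syntax, which is what
# boolean-based and error-based probes against a GET parameter tend to look like.
_SQLI_HINT = re.compile(r"""['"].*?(--|#|/\*|\b(or|and|union|select)\b)""", re.IGNORECASE)


def looks_like_sqli_probe(param_value: str) -> bool:
    """True when a request parameter value resembles an injection probe."""
    return _SQLI_HINT.search(param_value) is not None


if __name__ == "__main__":
    db = build_demo_db()
    probe = "admin'--"  # comments out the password clause in the vulnerable query
    print("vulnerable, wrong password:", vulnerable_login(db, probe, "wrong"))  # True
    print("parameterized, wrong password:", safe_login(db, probe, "wrong"))  # False
    print("parameterized, real creds:", safe_login(db, "admin", "correct-horse-battery-staple"))
    print("flagged:", looks_like_sqli_probe(probe), looks_like_sqli_probe("12345"))
```

The parameterized version is the remediation that matters: the database driver sends the username as a bound value, so the quote and comment marker are compared against the column rather than parsed as SQL. The heuristic is only a triage aid for reviewing access logs for the 'urun'-style parameter probes the advisory mentions; it produces false positives on legitimate apostrophes followed by SQL-like words and should not be relied on as a control.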
Key Entities
- SQL Injection (attack_type)
- CVE-2018-25183 (cve)
- CVE-2018-25210 (cve)
- T1190 - Exploit Public-Facing Application (mitre_attack)