


Perceptive Security
SOC/SIEM Consultancy

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by…
Published: 25 March 2026 at 23:00:00
Alert date: 26 March 2026 at 16:11:28
Source: nvd.nist.gov
Web Technologies, Database & Storage
CVE-2018-25195 is a critical SQL injection vulnerability in the admin login functionality of Wecodex Hotel CMS version 1.0. Unauthenticated attackers can bypass authentication by injecting SQL through the username parameter in POST requests to index.php with action=processlogin. This allows them to extract sensitive database information or gain unauthorized administrative access to the hotel management system. An exploit is publicly available and documented, so vulnerable installations are easy for threat actors to target.
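A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or the vendor: it flags POSTs to index.php with action=processlogin whose username field carries SQL metacharacters. The event shape (src, method, url, body), the function name and the sample records are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Characters that do not belong in a login name but are needed to break out
# of a quoted SQL string or comment out the rest of a query (heuristic).
SQL_META = re.compile(r"""['"`;\\]|--|/\*|#""")

# Constructed sample events; the dict shape is an assumption (for example a
# WAF or reverse proxy that logs URL-encoded request bodies).
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "method": "POST",
     "url": "/index.php?action=processlogin",
     "body": "username=frontdesk&password=x"},
    {"src": "203.0.113.9", "method": "POST",
     "url": "/index.php",
     "body": "action=processlogin&username=test%27&password=x"},
    {"src": "203.0.113.9", "method": "POST",
     "url": "/index.php?action=processlogin",
     "body": "username=name%22%3B&password=x"},
    {"src": "198.51.100.7", "method": "GET",
     "url": "/index.php?action=rooms", "body": ""},
]

def flag_login_injection(events):
    """Return events that look like SQL injection against the admin login."""
    hits = []
    for ev in events:
        parts = urlsplit(ev["url"])
        if ev["method"].upper() != "POST" or not parts.path.endswith("/index.php"):
            continue
        # The advisory does not say whether 'action' travels in the query
        # string or the form body, so fields from both are merged.
        fields = parse_qs(parts.query, keep_blank_values=True)
        for key, values in parse_qs(ev["body"], keep_blank_values=True).items():
            fields.setdefault(key, []).extend(values)
        if "processlogin" not in fields.get("action", []):
            continue
        if any(SQL_META.search(name) for name in fields.get("username", [])):
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for hit in flag_login_injection(SAMPLE_EVENTS):
        print("suspicious admin login:", hit["src"], hit["body"])
```

Legitimate login names containing an apostrophe will also match, so treat hits as triage leads and correlate them with the login outcome for the same source.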
Technical details
Mitigation steps:
Affected products:
Wecodex Hotel CMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2018-25195
https://www.exploit-db.com/exploits/44729
https://www.vulncheck.com/advisories/wecodex-hotel-cms-sql-injection-via-admin-login
https://www.wecodex.com/item/view/hotel-management-system-in-php-and-mysql/7
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
