CVE-2018-25128
Description
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SOCA Access Control System 180612 contains multiple SQL injection flaws that allow unauthenticated attackers to bypass authentication and gain full admin access.
Vulnerability Overview
The SOCA Access Control System version 180612 (and earlier versions 170000 and 141007) is affected by multiple SQL injection vulnerabilities [1][2]. The root cause is the failure to sanitize POST parameters in critical PHP endpoints, specifically Login.php and Card_Edit_GetJson.php. This allows an attacker to inject arbitrary SQL commands that the application then executes against the backend database [1].
Exploitation and Attack Surface
An attacker can exploit these flaws without any prior authentication [2]. By crafting malicious POST requests to the vulnerable scripts, they can manipulate database queries. The attack can be performed remotely over the network, requiring only that the target system's web interface is accessible [1]. The official exploit-db entry provides a proof-of-concept demonstrating the injection technique [2].
Impact
Successful exploitation enables an attacker to bypass the login mechanism entirely, retrieve stored password hashes, and elevate privileges to administrative level [1][2]. Once an attacker gains admin access with full system privileges, they can control the access control system, modify cardholder data, and potentially lock out legitimate users or disable physical access controls.
Mitigation
SOCA Technology Co., Ltd. has not released a patched version for the affected software as of the disclosure dates [1][2]. Users are advised to isolate the management interface from untrusted networks, apply strict input validation as a workaround, or upgrade to a newer, supported version of the product if available.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
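The mitigation text above names strict input validation as a workaround. The following is an added example, not code from SOCA or from the cited references: it contrasts a login query built by string concatenation with one that uses a bound parameter, on a constructed in-memory database. Table, column, function and variable names are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration: a hypothetical login check, not SOCA's code. Table,
// column and variable names are assumptions; the data is a constructed fixture.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Flawed pattern: request data is concatenated into the SQL text, so quote
// characters in the input change the structure of the query itself.
function login_concat(PDO $db, string $name, string $pass): bool {
    $sql = "SELECT 1 FROM users WHERE name = '$name' AND pw_hash = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: allow-list validation first, then a bound parameter, and
// the password is checked in PHP with password_verify() instead of in SQL.
function login_prepared(PDO $db, string $name, string $pass): bool {
    if (strlen($name) > 64 || !preg_match('/^[A-Za-z0-9_.-]+$/', $name)) {
        return false; // reject anything outside the expected character set
    }
    // The bound value is sent as data and never parsed as SQL, so this step
    // alone keeps the input out of the query text; validation is a second layer.
    $st = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $st->execute([':name' => $name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

// Constructed textbook input containing SQL syntax, paired with a wrong password.
$probe = "admin' --";

var_dump(login_concat($db, $probe, 'wrong'));                    // flawed path
var_dump(login_prepared($db, $probe, 'wrong'));                  // hardened path
var_dump(login_prepared($db, 'admin', 'constructed-sample-pw')); // legitimate login
```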
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.