CVE-2018-25163
Description
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BitZoom 1.0 has an unauthenticated SQL injection in forgot.php and login.php, allowing attackers to extract database contents via crafted POST requests.
Vulnerability
Overview
BitZoom 1.0 contains an SQL injection vulnerability in the rollno and username parameters of forgot.php and login.php. The application fails to sanitize user input, allowing attackers to inject arbitrary SQL commands via POST requests [1][2].
Exploitation
Attackers can exploit this flaw without authentication by sending crafted POST requests with SQL UNION statements. A public proof-of-concept demonstrates how to extract database schema and table contents by injecting a payload into the rollno parameter [1]. The vulnerability is remotely exploitable over the network, with low attack complexity and no privileges required [2].
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary SQL queries, potentially extracting sensitive information such as usernames, passwords, and other database contents. The CVSS v4 vector indicates high confidentiality impact [2].
Mitigation
No official patch has been released for BitZoom 1.0, and the software appears to be unmaintained. Users should consider disabling or isolating the application to prevent exposure [2].
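The flaw class described above, shown as an added PHP example that is not BitZoom's own code: the `users` table, its `rollno`, `username` and `password_hash` columns, the `bitzoom` database and the credentials are assumptions chosen for illustration. The unsafe function shows the concatenation pattern that lets a rollno value change the query's structure; the prepared-statement versions are the fix an operator would apply if they chose to keep the application running.

```php
<?php
// Added example, not BitZoom's code. Table and column names are assumed.
declare(strict_types=1);

// Vulnerable pattern: the untrusted POST value is spliced into the SQL text,
// so a value containing a quote and further SQL changes the query itself.
// Kept only to illustrate the flaw class; do not use.
function findUserUnsafe(PDO $db, string $rollno): array|false
{
    $sql = "SELECT id, username FROM users WHERE rollno = '" . $rollno . "'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Fixed pattern (forgot.php-style lookup): the SQL text and the value travel
// separately, so the value is data, never parsed as part of the statement.
function findUserSafe(PDO $db, string $rollno): array|false
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE rollno = :rollno');
    $stmt->execute([':rollno' => $rollno]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Fixed pattern (login.php-style check): bound username, hashed password
// verified in PHP rather than compared inside the query.
function authenticate(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash when the user is absent so the response
    // time does not reveal which usernames exist.
    $hash = $row['password_hash'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash);
    return $row !== false && $ok;
}

// Real (server-side) prepares: the database binds parameters, not PHP.
$db = new PDO('mysql:host=localhost;dbname=bitzoom', 'app', 'secret', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

$user = findUserSafe($db, (string) ($_POST['rollno'] ?? ''));
$loggedIn = authenticate(
    $db,
    (string) ($_POST['username'] ?? ''),
    (string) ($_POST['password'] ?? '')
);
```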
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 2
News mentions: 0 (no linked articles in the index yet)