Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 28, 2026
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
CVE-2018-25195
Description
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 1.0+ 1 more
- (no CPE)range: = 1.0
- (no CPE)range: 1.0
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/44729mitreexploit
- www.vulncheck.com/advisories/wecodex-hotel-cms-sql-injection-via-admin-loginmitrethird-party-advisory
- www.wecodex.com/item/view/hotel-management-system-in-php-and-mysql/7mitreproduct
News mentions
0No linked articles in our index yet.