CVE-2018-25203
Description
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Online Store System CMS 1.0 is vulnerable to unauthenticated SQL injection via the email parameter, allowing attackers to extract database data.
Online Store System CMS 1.0 contains an SQL injection vulnerability in the email parameter of index.php when action=clientaccess is set. The application fails to sufficiently sanitize user-supplied data before including it in an SQL query, leading to a CWE-89 SQL Injection flaw [1][2].
An unauthenticated attacker can exploit this by sending a POST request to index.php?action=clientaccess with malicious payloads in the email field. Both boolean-based blind and time-based blind SQL injection techniques are viable, as demonstrated in the public exploit [1]. The attack requires no prior authentication and can be performed over the network with low complexity [2].
Successful exploitation allows an attacker to extract sensitive information from the database, such as user credentials or other confidential data. This could lead to full compromise of the application and underlying database. The CVSS v3 base score is 8.2 (High), with a high impact on confidentiality [2].
As of the advisory, no official patch has been released. The vendor, Wecodex Solutions, may have discontinued the product or not provided updates. Users are advised to implement proper input validation, use parameterized queries, or apply virtual patching through a web application firewall to mitigate the risk [1][2].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
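The input-validation and parameterized-query mitigations named above, sketched for a handler that receives the email POST field. This is an added example, not code from Online Store System CMS or its vendor; the `clients` table, its columns, the function name `findClientByEmail` and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example: table, column and function names are hypothetical, and
// in-memory SQLite stands in for the application's real database.
declare(strict_types=1);

function findClientByEmail(PDO $db, string $email): ?array
{
    // Input validation: reject anything that is not a syntactically valid address.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Parameterized query: the value is bound as data and is never
    // concatenated into the SQL text, so it cannot change the query's structure.
    $stmt = $db->prepare('SELECT id, email FROM clients WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$db->exec("INSERT INTO clients (email) VALUES ('alice@example.test')");

// Constructed inputs standing in for the POSTed email field.
$samples = [
    'alice@example.test',      // legitimate address of a known client
    'bob@example.test',        // legitimate address, no such client
    "alice@example.test' -- ", // trailing SQL metacharacters: fails validation
];
foreach ($samples as $email) {
    $row = findClientByEmail($db, $email);
    printf("%-28s => %s\n", $email, $row === null ? 'no match' : 'client #' . $row['id']);
}
```

Validation narrows what reaches the query, but the bound parameter is what removes the injection: even a value that passes validation is only ever compared as a string.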
Affected products (1)
- Range: = 1.0
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
News mentions (0)
No linked articles in our index yet.