VYPR
High severity · 8.2 · NVD Advisory · Published May 30, 2026

CVE-2018-25424

Description

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Gate Pass Management System 2.1 suffers from an SQL injection vulnerability in login-exec.php, allowing unauthenticated attackers to bypass authentication.

Vulnerability

Gate Pass Management System version 2.1 contains an SQL injection vulnerability in the login-exec.php script. The login and password POST parameters are used in the SQL authentication query without sanitization or parameterization, so attacker-controlled input becomes part of the query's structure rather than being compared as data. Attackers can inject SQL code through either parameter to alter the authentication query. This affects Gate Pass Management System versions up to and including 2.1 [2].

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a crafted POST request to login-exec.php with SQL injection payloads in the login and password form parameters. The attacker needs only network access to the login endpoint; no prior authentication or user interaction is required, and the vulnerability can be exploited remotely [2].

Impact

Successful exploitation allows the attacker to bypass the authentication mechanism and gain access to the application without valid credentials. This can lead to disclosure of sensitive information, modification of data, or further system compromise depending on the privileges of the authenticated session [2].

Mitigation

As of the publication date, no official patch has been released. Operators who can modify the application should rewrite the login query in login-exec.php as a prepared statement with bound parameters, which is the actual fix; input validation on the login and password fields is a useful defence in depth but does not by itself prevent injection. The vendor should release a fixed version. At this time, the vulnerability is not listed in the KEV catalog [2].
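The following is an added example, not code from Gate Pass Management System or from the advisory. It models the authentication-bypass pattern described above for login-exec.php in Python over an in-memory SQLite database so it runs offline, and places the vulnerable string-built query beside the prepared-statement form the Mitigation section calls for. The page does not show the real query, so the SELECT shape, the users table with its login and password columns, the plaintext password comparison, and the two payloads are all assumptions made for illustration.

```python
"""
Added example (not code from Gate Pass Management System or the advisory):
the login-exec.php authentication-bypass pattern, modelled in Python over an
in-memory SQLite database. The string-built SELECT, the `users` table, its
`login`/`password` columns and the plaintext password comparison are assumed
for illustration; the real script's query is not on the advisory page.
"""

import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT NOT NULL, "
        "password TEXT NOT NULL)"
    )
    # Constructed sample credential; a real application would store a hash.
    conn.execute(
        "INSERT INTO users (login, password) VALUES (?, ?)",
        ("admin", "correct-horse-battery-staple"),
    )
    conn.commit()
    return conn


def build_vulnerable_query(login: str, password: str) -> str:
    """Assumed shape of the flaw: both POST fields spliced into the SQL text.

    Whatever the client sends becomes part of the query's structure, which is
    what lets a crafted value rewrite the WHERE clause instead of being
    compared against it.
    """
    return (
        "SELECT id, login FROM users WHERE login = '" + login
        + "' AND password = '" + password + "'"
    )


def vulnerable_login(conn: sqlite3.Connection, login: str, password: str):
    """Authenticate the way the vulnerable script is assumed to: execute the
    concatenated query and treat any returned row as a successful login."""
    row = conn.execute(build_vulnerable_query(login, password)).fetchone()
    return row[1] if row else None


def safe_login(conn: sqlite3.Connection, login: str, password: str):
    """Hardened form: a prepared statement with bound parameters. The driver
    passes the values separately from the SQL text, so quotes and comment
    markers inside them can never change the query structure."""
    row = conn.execute(
        "SELECT id, login FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row[1] if row else None


def run_demo() -> dict:
    """Exercise both implementations with valid credentials and with one
    illustrative payload per injectable parameter."""
    conn = make_db()
    # Payload in `login`: closes the string and comments out the password check.
    login_payload = "admin'-- "
    # Payload in `password`: closes the string and appends an always-true OR.
    password_payload = "' OR '1'='1"
    return {
        "vuln_valid": vulnerable_login(conn, "admin", "correct-horse-battery-staple"),
        "vuln_login_payload": vulnerable_login(conn, login_payload, "wrong"),
        "vuln_password_payload": vulnerable_login(conn, "nobody", password_payload),
        "safe_valid": safe_login(conn, "admin", "correct-horse-battery-staple"),
        "safe_login_payload": safe_login(conn, login_payload, "wrong"),
        "safe_password_payload": safe_login(conn, "nobody", password_payload),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:24s} -> {result!r}")
```

Against the assumed query, the vulnerable path returns the admin row for both payloads while the prepared-statement path returns nothing for either and still accepts the genuine credentials. Whether a given payload works against the real login-exec.php depends on its actual query; in particular, if the script hashes the password before building the query, the password-side vector disappears while the login-side vector remains, so only parameterization closes the flaw for both fields.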

AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE. The mechanics section is only generated when the actual fix diff can be read; without it, the four subsections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References (4)

News mentions (0)

No linked articles in our index yet.