Cyber Posture

CVE-2018-25128

High · Public PoC

Published: 24 December 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0013 (32.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: SI-10 directly prevents SQL injection by requiring validity checks on unvalidated POST parameters used in database queries within Login.php and Card_Edit_GetJson.php.

Prevent: SI-2 requires identification, reporting, and correction of flaws such as the SQL injection vulnerabilities, eliminating the root cause in the affected system components.

Prevent: SI-9 enforces restrictions on information inputs, limiting the size, type, and format of POST parameters to hinder SQL injection payloads.

Security Summary · AI

CVE-2018-25128 covers multiple SQL injection vulnerabilities (CWE-89) affecting the SOCA Access Control System version 180612. These flaws arise from unvalidated POST parameters in components such as Login.php and Card_Edit_GetJson.php, enabling attackers to manipulate database queries. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N): a network attack vector, low attack complexity, no privileges or user interaction required, high confidentiality impact, low integrity impact, and no availability impact.

Remote attackers without privileges can exploit these SQL injections over the network with low complexity. Successful exploitation allows bypassing authentication mechanisms, extracting password hashes from the database, and escalating to administrative access with full system privileges, potentially compromising the entire access control system.

Advisories and references, including the vendor site at http://www.socatech.com, an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/46833, and ZeroScience Labs' report ZSL-2019-5519 at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php, detail the vulnerabilities but do not specify patches or mitigations in the available information. Security practitioners should review these sources for any updates on remediation.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1212 Exploitation for Credential Access (Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

Why these techniques?

SQL injection vulnerabilities in unauthenticated public-facing web components (Login.php, Card_Edit_GetJson.php) directly enable T1190 (Exploit Public-Facing Application) for initial access and T1212 (Exploitation for Credential Access) via authentication bypass and password hash extraction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
