PT-2025-53349 · Unknown · Soca Access Control System
Published: 2025-12-24 · Updated: 2025-12-24 · CVE-2018-25128
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SOCA Access Control System version 180612
Description
The SOCA Access Control System contains multiple SQL injection flaws. These flaws allow attackers to manipulate database queries through unvalidated POST parameters. Exploitation of injection flaws in Login.php and Card Edit GetJson.php can lead to bypassing authentication, retrieving password hashes, and gaining administrative access with full system privileges.
Recommendations
Apply updates to address SQL injection vulnerabilities in Login.php.
Apply updates to address SQL injection vulnerabilities in Card Edit GetJson.php.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Soca Access Control System