CVE-2018-25424

Name of the Vulnerable Software and Affected Versions Gate Pass Management System version 2.1

Description An SQL injection allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit crafted POST requests to the 'login-exec.php' endpoint using SQL injection payloads in the login and password parameters to gain unauthorized access to the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.