Cyber Resilience

CVE-2018-25207

High · Public PoC

Published: 26 March 2026

Modified: 01 May 2026
CVSS Score v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0014 (34.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25207 is a high-severity SQL Injection (CWE-89) vulnerability in Hscripts (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2018-25207 is a SQL injection vulnerability (CWE-89) affecting Online Quiz Maker 1.0, a PHP-based web application. The flaw resides in the catid and usern parameters, whose values are not properly sanitized, enabling arbitrary SQL command execution. Vulnerable endpoints include quiz-system.php and add-category.php, where attackers can inject crafted payloads via POST requests. The issue carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low privileges required.

Authenticated attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction. By submitting malicious POST requests containing SQL payloads to the affected parameters, they can execute arbitrary SQL commands, extract sensitive database information such as user credentials or quiz data, or bypass authentication mechanisms entirely.

Advisories and references, including a VulnCheck advisory on the catid parameter SQL injection and an Exploit-DB entry (45323) providing proof-of-concept exploits, document the issue but do not specify available patches or vendor mitigations. The original software is hosted on hscripts.com, with download links available, so practitioners should avoid deploying version 1.0 and should implement input validation or prepared statements in similar applications.

Vulnerability details

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in a network-accessible PHP web app directly enables remote exploitation of a public-facing application for data exfiltration and authentication bypass.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-39334 · Shared CWE-89
CVE-2024-13488 · Shared CWE-89
CVE-2026-20002 · Shared CWE-89
CVE-2025-1446 · Shared CWE-89
CVE-2025-22699 · Shared CWE-89
CVE-2026-36232 · Shared CWE-89
CVE-2026-31871 · Shared CWE-89
CVE-2026-33078 · Shared CWE-89
CVE-2026-46359 · Shared CWE-89
CVE-2025-22691 · Shared CWE-89

Affected Assets

Hscripts
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: SI-10 mandates validation of user inputs in parameters like catid and usern to block SQL injection payloads before they reach the database.

Prevent: SI-2 requires identification, reporting, and correction of flaws like the SQL injection in quiz-system.php and add-category.php.

Prevent: SI-9 enforces restrictions on POST parameters such as catid and usern at application boundaries to prevent malicious SQL payloads.
