CVE-2018-25340— Smartshop 1 SQL Injection via category.php
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25340
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Smartshop 1 SQL Injection via category.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2018-25340
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 6870 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2018-25340
请登录查看更多情报信息。
Vendor Advisories for CVE-2018-25340 (1)
- Smartshop 1 SQL Injection via category.php | Advisories | VulnCheckthird-party-advisory
Exploits & Public PoCs for CVE-2018-25340 (1)
Other References for CVE-2018-25340 (1)
Other References for CVE-2018-25340 (1)
Same Patch Batch · Behance · 2026-05-23 · 4 CVEs total
| CVE-2018-25342 | 8.2 HIGH | Smartshop 1 SQL Injection via search.php |
| CVE-2018-25341 | 8.2 HIGH | Smartshop 1 SQL Injection via product.php id Parameter |
| CVE-2018-25343 | 4.3 MEDIUM | Smartshop 1 Cross-Site Request Forgery via editprofile.php |
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2026-9528
itsourcecode Electronic Judging System delete_judge.php sql - CVE-2026-9526
itsourcecode Electronic Judging System edit_team.php sql inj - CVE-2026-9525
itsourcecode Electronic Judging System edit_judge.php sql in - CVE-2026-9524
xianrendzw EasyReport REST Endpoint execute sql injection - CVE-2026-9523
Acrel Electrical EEMS Enterprise Power Operation and Mainten
V. Comments for CVE-2018-25340
No comments yet