Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Warranty Tracking System 11.06.3 allows unauthorized database access
CVE-2018-25161
Summary
A weakness in the Warranty Tracking System can allow hackers to access sensitive information stored in the database. This means they could potentially see usernames, database names, and other details they shouldn't have access to. It's recommended to update to a patched version of the system to prevent unauthorized access.
Original title
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerN...
Original description
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026