8.8
BitZoom 1.0 allows attackers to access sensitive database information
CVE-2018-25163
Summary
An attacker can access sensitive information in the BitZoom database without a password, which could lead to data theft or disruption of the application. This is a serious security risk that needs to be addressed by updating to a fixed version of BitZoom. Users should check with their vendor for a patch or update to fix this issue.
Original title
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in ...
Original description
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.
NVD CVSS 3.1
8.2
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026