CVE-2018-25424: Gate Pass Management System 2.1: Unauthenticated Access through Login
Summary
An attacker can submit fake login information to gain access to the Gate Pass Management System without a valid username and password. This is a serious issue because it allows unauthorized access to the system. To fix this, update the system to the latest version or apply security patches to prevent this type of attack.
Original title
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameter...
Original description
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.
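The flaw class described above, shown next to its fix, as an added example that is not the product's own code. The table and column names, the sample account and both function names are assumptions, and the script needs PHP's pdo_sqlite extension.

```php
<?php
// Added illustration: schema and function names are hypothetical, not taken
// from Gate Pass Management System.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample account; an apostrophe is a legitimate character in a name.
$seed = $db->prepare('INSERT INTO users (login, pw_hash) VALUES (?, ?)');
$seed->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern (CWE-89): request values are concatenated into the SQL
// text, so a quote in the input ends the string literal and whatever follows
// is parsed as SQL instead of being compared as data.
function login_concat(PDO $db, string $login, string $password): bool
{
    $sql = "SELECT 1 FROM users WHERE login = '$login' AND pw_hash = '$password'";
    try {
        return $db->query($sql)->fetchColumn() !== false;
    } catch (PDOException $e) {
        // The parser rejected the statement: input was treated as syntax.
        echo "concat: input altered the statement: ", $e->getMessage(), "\n";
        return false;
    }
}

// Hardened pattern: the statement text is fixed, the login is sent as a bound
// parameter, and the password is checked in PHP against a stored hash, so it
// never becomes part of the query.
function login_bound(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Same legitimate credentials through both code paths, then a wrong password.
var_dump(login_concat($db, "o'brien", 'correct horse'));
var_dump(login_bound($db, "o'brien", 'correct horse'));
var_dump(login_bound($db, "o'brien", 'wrong password'));
```

A valid login that fails only in the concatenated path is a quick review signal that request data reaches the SQL parser unescaped.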
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type: CWE-89 (SQL Injection)
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026