{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25340/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25340"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Smartshop 1"],"_cs_severities":["high"],"_cs_tags":["cve-2018-25340","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSmartshop version 1 is vulnerable to SQL injection. An unauthenticated attacker can send a specially crafted HTTP GET request to the \u003ccode\u003ecategory.php\u003c/code\u003e endpoint with a malicious SQL payload in the \u003ccode\u003eid\u003c/code\u003e parameter. This vulnerability allows the attacker to execute arbitrary SQL queries against the backend database. Successful exploitation can lead to the extraction of sensitive information, such as user credentials and other confidential data stored within the database. Given the lack of authentication required, this poses a significant risk to organizations using the vulnerable Smartshop version 1 application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Smartshop version 1 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003ecategory.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a UNION-based SQL injection payload into the \u003ccode\u003eid\u003c/code\u003e parameter of the GET request, such as \u003ccode\u003eid=1 UNION SELECT ...\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and passes the malicious SQL payload to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL query, potentially returning sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the database response containing the extracted data, such as usernames, passwords, or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the extracted data for valuable information.\u003c/li\u003e\n\u003cli\u003eThe attacker can use the extracted credentials or sensitive data for further malicious activities, such as unauthorized access or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the compromise of the Smartshop database, resulting in the leakage of sensitive information, including user credentials. The number of affected installations is unknown. The sectors affected are those using Smartshop version 1 for e-commerce or other purposes. If the attack succeeds, attackers can gain unauthorized access to user accounts, financial data, or other confidential information, leading to financial loss and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2018-25340 Exploitation - Smartshop SQL Injection\u003c/code\u003e to your SIEM to identify exploitation attempts based on HTTP GET requests to \u003ccode\u003ecategory.php\u003c/code\u003e with SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eid\u003c/code\u003e parameter in \u003ccode\u003ecategory.php\u003c/code\u003e to prevent SQL injection, addressing CVE-2018-25340 directly.\u003c/li\u003e\n\u003cli\u003eConsider using parameterized queries or prepared statements to further mitigate the risk of SQL injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:36:06Z","date_published":"2026-05-26T13:36:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25340-smartshop-sql-injection/","summary":"Smartshop version 1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries via the id parameter in category.php GET requests, potentially leading to sensitive data extraction.","title":"CVE-2018-25340 Smartshop 1 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25340-smartshop-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2018-25340","version":"https://jsonfeed.org/version/1.1"}