CVE-2018-18805
Published: 2018-11-16

CVE-2018-18805: Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
Priority: P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 5.20% (91.4th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pointofsales_project | pointofsales | — | — |
Detection & IOCs (extracted from sources)
- SQL injection occurs in the login form's username field; the vulnerable query concatenates unsanitized user input directly into a SELECT against `tblemployee`. Monitor for SQL metacharacters and keywords (e.g. single-quote, `||`, `SELECT`, `CONCAT`, `FLOOR`, `RAND`) in login username parameters targeting this application.
- The exploit payload uses a boolean-based/error-based blind SQLi pattern leveraging the `INFORMATION_SCHEMA.PLUGINS` GROUP BY error technique with `FLOOR(RAND(0)*2)`; detect this pattern in database query logs or WAF logs.
- The injection entry point is the OK_Click handler in LoginForm1.vb (line 12); code review or static analysis should flag this file and function for unsanitized string concatenation into SQL.
- The application targets Windows platforms only; exploitation was tested on WiN7_x64 and KaLiLinuX_x64 (attacker-side tooling), so detection efforts should focus on Windows hosts running this VB.Net POS application.
- The backend database is MySQL; the error-based GROUP BY injection technique is MySQL-specific and relies on `INFORMATION_SCHEMA.PLUGINS` being accessible. Ensure MySQL error output is suppressed in production to limit information disclosure.
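
The code-review item above (flagging string concatenation into SQL in a handler such as OK_Click) can be automated with a small checker. This is an added example, not code from the project or the cited sources; the sample handler body, the control names `txtUser`/`txtPass`, the `cmd` object and the column names are assumptions constructed for illustration.

```python
import re

# Token order matters: literal | comment | code, so quotes inside SQL strings stay in the literal.
TOKEN = re.compile(r'"(?:[^"]|"")*"|\'.*$|[^"\']+')
SQL_VERB = re.compile(r'\b(?:SELECT|INSERT|UPDATE|DELETE)\b', re.I)
# A non-literal operand joined with & or + (on either side of the operator).
OPERAND = re.compile(r'[&+]\s*([A-Za-z_][\w.]*)|([A-Za-z_][\w.]*)\s*[&+]')

def logical_lines(source):
    """Yield (first_line_no, statement), joining VB.NET continued lines."""
    buf, start = "", None
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.rstrip()
        start = start or no
        if line.endswith(" _"):          # explicit continuation character
            buf += line[:-1]
            continue
        buf += line + " "
        if line.endswith(("&", "+")):    # implicit continuation after an operator
            continue
        yield start, buf
        buf, start = "", None
    if buf.strip():
        yield start, buf

def find_sql_concat(source):
    """Return [(line_no, [operands])] for statements that build SQL by concatenation."""
    findings = []
    for no, stmt in logical_lines(source):
        tokens = [m.group(0) for m in TOKEN.finditer(stmt)]
        literals = [t for t in tokens if t[0] == '"']
        code = " ".join(t for t in tokens if t[0] not in "\"'")
        if not any(SQL_VERB.search(lit) for lit in literals):
            continue                      # no SQL text in this statement
        operands = [a or b for a, b in OPERAND.findall(code)]
        if operands:
            findings.append((no, operands))
    return findings

# Constructed sample: handler body, control and column names are assumptions.
SAMPLE = """\
Private Sub OK_Click(sender As Object, e As EventArgs) Handles OK.Click
    Dim sql As String = "SELECT * FROM tblemployee WHERE username = '" & _
        txtUser.Text & "' AND password = '" & txtPass.Text & "'"
    cmd.CommandText = "SELECT * FROM tblemployee WHERE username = @user"
    cmd.Parameters.AddWithValue("@user", txtUser.Text)
End Sub
"""
print(find_sql_concat(SAMPLE))  # [(2, ['txtUser.Text', 'txtPass.Text'])]
```

The parameterized statement on line 4 of the sample is not reported, because the user value reaches the driver as a bound parameter rather than as part of the SQL text.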
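CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |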
References
- http://packetstormsecurity.com/files/150013/Point-Of-Sales-POS-In-VB.Net-MYSQL-Database-1.0-SQL-Injection.html
- https://www.exploit-db.com/exploits/45721/
- https://www.sourcecodester.com/visual-basic-net/12655/point-sales-pos-vbnet-and-mysql-database.html