CVE-2018-18805
published 2018-11-16

CVE-2018-18805: Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

Priority: P2 · 62 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 5.20% (91.4th percentile)

Affected

1 range

Vendor | Product | Version range | Fixed in
pointofsales_project | pointofsales | (not listed) | (not listed)

Detection & IOCs (extracted from sources)

url: https://www.sourcecodester.com/sites/default/files/download/janobe/poinofsales_0.zip
path: LoginForm1.vb
  • SQL injection occurs in the login form's username field; the vulnerable query concatenates unsanitized user input directly into a SELECT against `tblemployee`. Monitor for SQL metacharacters and keywords (e.g. single quote, `||`, `SELECT`, `CONCAT`, `FLOOR`, `RAND`) in the username value of login queries issued by this application.
  • The exploit payload uses an error-based blind SQLi pattern: a GROUP BY over `CONCAT(<data>, FLOOR(RAND(0)*2))` selected from `INFORMATION_SCHEMA.PLUGINS`, which makes MySQL raise a duplicate-key error whose message carries the extracted data. Detect this pattern in MySQL general or audit query logs; because the client is a VB.Net desktop application that talks to MySQL directly, a WAF will only see it if a web tier sits in between.
  • The injection entry point is the OK_Click handler in LoginForm1.vb (line 12); code review or static analysis should flag this file and function for unsanitized string concatenation into SQL.
  • The application runs on Windows only; the exploit was tested against WiN7_x64 from KaLiLinuX_x64 (attacker-side tooling), so detection efforts should focus on Windows hosts running this VB.Net POS application.
  • The backend database is MySQL; the error-based GROUP BY technique is MySQL-specific and relies on `INFORMATION_SCHEMA.PLUGINS` being readable by the application's database account. Because the technique exfiltrates data through the error text, the application must not surface raw MySQL exception messages to the user, and the login query should be parameterized rather than concatenated.
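The following is an added example, not code from the Point Of Sales project or from the published exploit. It shows, in one script, how a payload of the kind described above lands in a concatenated login query, and a detector that scans MySQL general-log lines for the error-based GROUP BY signature and for login statements against `tblemployee` that deviate from the shape the application is expected to issue. Everything beyond what the IOCs state is an assumption: the column names `username`/`password`, the exact expected statement shape, the general-log line format (approximated from the `general_log` file format), the sample log lines (constructed), and the payload itself (written in the style of the technique, not copied from the PoC).

```python
import re

# --- Part 1: how the payload lands in the query -------------------------------
# Constructed illustration of the defect the IOCs describe (unsanitized input
# concatenated into a SELECT against tblemployee). This is NOT the project's
# code; the column names username/password are assumptions.
def build_login_query_vulnerable(username: str, password: str) -> str:
    return ("SELECT * FROM tblemployee WHERE username='" + username
            + "' AND password='" + password + "'")


# Error-based payload in the style the IOCs describe: GROUP BY on a value that
# mixes FLOOR(RAND(0)*2) with the data to exfiltrate, so MySQL raises a
# "Duplicate entry '<data>1' for key 'group_key'" error carrying the data.
# Constructed for this example, not the published PoC.
ERROR_BASED_PAYLOAD = (
    "' AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT version()),"
    "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- -"
)

# --- Part 2: detection over MySQL general-log lines ----------------------------
# Signature patterns for the technique named in the IOCs.
SIGNATURES = {
    "floor_rand_groupby": re.compile(
        r"FLOOR\s*\(\s*RAND\s*\(\s*0?\s*\)\s*\*\s*2\s*\)[\s\S]*GROUP\s+BY", re.I),
    "information_schema_plugins": re.compile(r"INFORMATION_SCHEMA\.PLUGINS", re.I),
    "sql_comment_terminator": re.compile(r"(--\s|#|/\*)"),
}

# Shape of the only statement the login form is expected to issue against
# tblemployee (assumed; replace with the real statement found in code review).
EXPECTED_LOGIN_SHAPE = re.compile(
    r"^SELECT \* FROM tblemployee WHERE username='[^']*' AND password='[^']*'$",
    re.I)

# Approximates the MySQL general_log file format: "<timestamp> <thread_id> Query <sql>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+Query\s+(?P<sql>.*)$")


def classify_query(sql: str) -> list:
    """Return the names of every signature the statement matches, plus
    'unexpected_login_shape' when a tblemployee query deviates from the template."""
    tags = [name for name, rx in SIGNATURES.items() if rx.search(sql)]
    if "tblemployee" in sql.lower() and not EXPECTED_LOGIN_SHAPE.match(sql):
        tags.append("unexpected_login_shape")
    return tags


def scan_general_log(lines) -> list:
    """Return (thread_id, tags, sql) for every logged statement that touches
    tblemployee and trips at least one detector."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # header lines, Connect/Quit records, etc.
        sql = m.group("sql").strip()
        if "tblemployee" not in sql.lower():
            continue
        tags = classify_query(sql)
        if tags:
            hits.append((m.group("thread"), tags, sql))
    return hits


# Constructed sample log: a connect record, one benign login, one unrelated
# statement, and one login carrying the error-based payload.
SAMPLE_LOG = [
    "2018-11-16T09:58:01.000001Z\t    7 Connect\tpos@localhost on pos_db",
    "2018-11-16T09:58:02.000002Z\t    7 Query\t"
    + build_login_query_vulnerable("cashier1", "s3cret"),
    "2018-11-16T09:58:03.000003Z\t    7 Query\tSELECT * FROM tblproduct WHERE id=12",
    "2018-11-16T09:58:04.000004Z\t    8 Query\t"
    + build_login_query_vulnerable(ERROR_BASED_PAYLOAD, "x"),
]

if __name__ == "__main__":
    for thread, tags, sql in scan_general_log(SAMPLE_LOG):
        print(f"thread {thread}: {', '.join(tags)}\n  {sql}")
```

Only the injected login (thread 8) is reported; the benign login matches the expected statement shape and trips no signature. The shape check is the more robust of the two detectors for this application, since it needs no knowledge of the particular payload: any login statement against `tblemployee` that does not look like the one the form is supposed to issue is suspect. To use it against a real deployment, enable `general_log` (or an audit plugin) on the MySQL server the POS client connects to and feed its lines to `scan_general_log`.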

CVSS provenance

NVD · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P