CVE-2025-10878
published 2026-02-03

Priority: P2 65
Severity: critical, 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.60% (44.3th percentile)

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| insaat | fikir_odalari_adminpando | | |
| omran | fikir_odalari_adminpando | <= 1.0.1 | |