CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-10878

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.7%

CVSS Severity

CVSS v3 Score 10.0

References

https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi
https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/
https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/

Products affected by CVE-2025-10878

Omran » Fikir Odalari Adminpando » Version: Any

cpe:2.3:a:omran:fikir_odalari_adminpando:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10878

Products

Pricing

Contact Us