CVE-2018-25166

Vulnerability

Overview

Meneame English Pligg 5.8 contains a SQL injection vulnerability exists in the search functionality. The application fails to properly sanitize user input passed through the search parameter in GET requests to index.php. This allows an attacker to inject arbitrary SQL commands without authentication [1][2].

Exploitation

An unauthenticated attacker can exploit this by sending a crafted HTTP GET request to the vulnerable endpoint. The proof-of-concept demonstrates injecting a SQL payload that uses a subquery to extract database version, current user, and database name via a blind SQL injection technique [1]. The attack requires no special privileges or prior knowledge of the application.

Impact

Successful exploitation enables the attacker to execute arbitrary SQL queries, leading to the extraction of sensitive information such as usernames, database names, and database version details. This can compromise the confidentiality of the application's data and potentially lead to further attacks [2].

Mitigation

As of the latest information, the vendor has not released a patched version. Users are advised to apply input validation and parameterized queries to mitigate the risk. The vulnerability is publicly documented and has a proof-of-concept available [1][2].