CVE-2018-25173

The vulnerability is a SQL injection flaw in the gid parameter of the editgrp.php script in Rmedia SMS 1.0. The application fails to sanitize or parameterize user input before including it in a SQL query, enabling an attacker to inject arbitrary SQL code. The exploit shown in the reference uses EXTRACTVALUE and CONCAT functions to extract schema names from the INFORMATION_SCHEMA database [1].

To exploit this, an unauthenticated attacker sends a GET request to editgrp.php with a malicious gid value. No prior authentication is required, and the attack can be carried out over the network. The provided exploit demonstrates injecting SQL via the gid parameter to retrieve database information [1].

Successful exploitation allows the attacker to extract sensitive data from the database, including schema names and presumably other table contents. The impact is high as it compromises the confidentiality of the database [1].

No patch or vendor advisory is available; the software appears abandoned. As a result, users of Rmedia SMS 1.0 are advised to take the application offline or implement robust input validation and parameterized queries [1].