VYPR
High severity 8.2 · NVD Advisory · Published Mar 6, 2026 · Updated Apr 15, 2026

CVE-2018-25175

Description

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Alienor Web Libre 2.0 is vulnerable to unauthenticated SQL injection via the identifiant parameter, allowing attackers to extract sensitive database contents.

Vulnerability Overview

Alienor Web Libre 2.0 contains a SQL injection vulnerability in the identifiant parameter of the login form. The application fails to sanitize user input before using it in SQL queries, allowing an attacker to inject arbitrary SQL commands. The official description confirms that unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through this parameter [1].

Exploitation

The vulnerability can be exploited without authentication by sending a crafted POST request to index.php. The exploit payload is placed in the identifiant field, as demonstrated in the public proof-of-concept [1]. The attacker does not need a valid session or any prior access; the only requirement is network connectivity to the target web server. The PoC shows how to use a blind SQL injection technique to extract database information.

Impact

Successful exploitation allows an attacker to retrieve sensitive information from the database, including usernames, database names, and version details. This can lead to further compromise of the application and underlying system. The CVSS score of 8.2 (High) reflects the ease of exploitation and the potential for significant data exposure.

Mitigation

As of the publication date, no official patch has been released for Alienor Web Libre 2.0. Users are advised to upgrade to a newer version if available, or to implement input validation and parameterized queries as a workaround. Given the age of the software (2018), it may be end-of-life, and migration to an alternative solution is recommended.
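The workaround named above (input validation plus a parameterized query) could look like the following for a login handler that receives the identifiant field. This is an added example, not code from Alienor Web Libre or from the advisory; the `utilisateurs` table, its columns, the `login()` helper and the allow-list pattern are assumptions, and the in-memory SQLite database and sample inputs are constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the real Alienor Web Libre tables are not shown in the advisory.
// Constructed in-memory database so the example is self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE utilisateurs (
    identifiant TEXT PRIMARY KEY,
    mot_de_passe_hash TEXT NOT NULL
)');
$seed = $pdo->prepare('INSERT INTO utilisateurs VALUES (?, ?)');
$seed->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only when the identifiant exists and the password matches.
 * $identifiant and $password are taken untyped because $_POST values may be
 * arrays (identifiant[]=x) as well as strings.
 */
function login(PDO $pdo, $identifiant, $password): bool
{
    // Input validation: strings only, and identifiant must match an allow-list
    // (assumed policy: 1-64 characters from letters, digits, dot, underscore, hyphen).
    if (!is_string($identifiant) || !is_string($password)) {
        return false;
    }
    if (preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $identifiant) !== 1) {
        return false;
    }

    // Parameterized query: the value is bound as data and never concatenated
    // into the SQL text, so quotes or SQL keywords in it cannot alter the query.
    $stmt = $pdo->prepare(
        'SELECT mot_de_passe_hash FROM utilisateurs WHERE identifiant = :id'
    );
    $stmt->execute([':id' => $identifiant]);
    $hash = $stmt->fetchColumn();

    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs standing in for $_POST['identifiant'] and the password field.
var_dump(login($pdo, 'alice', 'correct horse'));  // valid credentials
var_dump(login($pdo, "alice' OR '1'='1", 'x'));   // quote characters fail validation
var_dump(login($pdo, ['alice'], 'x'));            // array input fails validation
```

The bound parameter is what removes the injection; the allow-list is a second layer that rejects malformed input before it reaches the database.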

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
