CVE-2018-25182
Description
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Silurus Classifieds Script 2.0 is vulnerable to unauthenticated SQL injection via the ID parameter in wcategory.php, allowing attackers to extract database contents.
Vulnerability Overview
CVE-2018-25182 describes an SQL injection vulnerability in Silurus Classifieds Script 2.0. The root cause is the lack of input sanitization on the ID parameter in wcategory.php. An attacker can inject arbitrary SQL queries by sending a crafted GET request to this endpoint, as demonstrated in the public exploit [1].
Exploitation Details
No authentication is required to exploit this vulnerability. An attacker sends a GET request to wcategory.php with a malicious ID parameter containing a UNION-based SQL injection payload. The proof-of-concept exploit shows that the attacker can retrieve database table names and other sensitive information by manipulating the SQL query [1]. The attack is straightforward and can be executed remotely over HTTP.
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary SQL queries against the underlying database. This can lead to the extraction of all database contents, including user credentials, personal data, and other sensitive information stored by the classifieds application. The impact is high, as it compromises the confidentiality and integrity of the entire database [1].
Mitigation Status
As of the publication date, no official patch has been released for Silurus Classifieds Script 2.0. The software appears to be abandoned, with no updates from the vendor. Users are advised to migrate to a supported alternative or implement strict input validation and parameterized queries to mitigate the risk. The vulnerability is publicly documented and has a proof-of-concept exploit available [1].
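One way to apply the input validation and parameterized queries recommended above, as an added example (not code from Silurus Classifieds or from the cited exploit). The `categories` table, the function names `parseCategoryId` and `fetchCategory`, and the in-memory SQLite database are assumptions standing in for the script's real schema and database connection; it needs PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's database (constructed data).
// On a MySQL connection, also set PDO::ATTR_EMULATE_PREPARES to false so
// the server, not the client library, binds the parameter.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO categories (id, name) VALUES (1, 'Cars'), (2, 'Jobs')");

// Strict validation: the ID must be a string holding a positive integer.
function parseCategoryId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value or array form (ID[]=...)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized query: the value is bound as an integer and never
// concatenated into the SQL text.
function fetchCategory(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs; in the application the value would be $_GET['ID'].
// Only the first is a valid ID, the rest must be rejected before any query.
foreach (['2', '2 OR 1=1', "2'", '', ['2']] as $raw) {
    $id = parseCategoryId($raw);
    if ($id === null) {
        echo "rejected (respond with HTTP 400)\n";
        continue;
    }
    $row = fetchCategory($pdo, $id);
    echo $row === null ? "not found\n" : "category: {$row['name']}\n";
}
```

Validation alone would already block non-numeric input here, but the bound parameter is what keeps the query safe if the validation is later loosened or bypassed.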
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2.0
Patches
No patches discovered yet.
References