VYPR
High severity 8.2 · NVD Advisory · Published May 30, 2026

CVE-2018-25415

Description

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to extract sensitive database information including usernames, database names, and version details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AiOPMSD Final 1.0.0 has an unauthenticated SQL injection in director.php via the director parameter, allowing attackers to extract sensitive database information.

Vulnerability

AiOPMSD Final 1.0.0 is vulnerable to SQL injection in director.php through the director GET parameter [2][3]. The vulnerability does not require authentication or any special configuration. An attacker can inject arbitrary SQL queries into the director parameter, which is directly concatenated into a database query without proper sanitization.

Exploitation

An unauthenticated attacker can exploit this by sending a crafted GET request to director.php with a malicious SQL payload in the director parameter. For example: GET /director.php?director=1' OR '1'='1 [3]. No user interaction or special privileges are needed; the attack can be executed remotely over HTTP.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL queries against the database. This can lead to extraction of sensitive information such as usernames, database names, and database version details [3]. The vulnerability enables confidential data disclosure but does not directly allow file modification or remote code execution.

Mitigation

No official patch has been released for this vulnerability. As of the CVE publication date, the project appears to be abandoned (final version dated 2017). Users are advised to disable director.php or implement a web application firewall (WAF) to filter malicious SQL payloads [2][3].
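
A defender-side check for the request pattern described above, as an added example that is not part of the advisory or of the AiOPMSD code: it scans web-server access logs for director.php requests whose director value is not a plain numeric id. The log lines are constructed, and the numeric-id allow-list is an assumption about what legitimate values look like.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [30/May/2026:10:00:01 +0000] "GET /director.php?director=12 HTTP/1.1" 200 512
203.0.113.9 - - [30/May/2026:10:00:07 +0000] "GET /director.php?director=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9841
203.0.113.9 - - [30/May/2026:10:00:09 +0000] "GET /index.php?director=1' HTTP/1.1" 200 300
198.51.100.2 - - [30/May/2026:10:01:00 +0000] "GET /app/director.php?id=3&director=7 HTTP/1.1" 200 498
"""

# Client address, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (.+?) HTTP/[\d.]+"')

# Assumption: legitimate director values are short numeric ids.
# Adjust this allow-list to the values the application really uses.
SAFE_VALUE_RE = re.compile(r"\d{1,10}")


def suspicious_director_requests(log_text):
    """Return (client, decoded_value) for director.php hits with a non-id value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/director.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes values, so %27 is compared as a quote.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("director", []):
            if not SAFE_VALUE_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_director_requests(SAMPLE_LOG):
        print(f"review: {client} sent director={value!r}")
```

An allow-list on the decoded value catches encoded variants that a keyword blocklist would miss, which also makes it a reasonable shape for a WAF rule on this one parameter.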

AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4
