CVE-2018-25175

Name of the Vulnerable Software and Affected Versions Alienor Web Libre version 2.0

Description Alienor Web Libre 2.0 contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests to the ''index.php'' endpoint with SQL injection payloads through the identifiant parameter. This allows extraction of sensitive database information, including usernames, databases, and version details.

Recommendations Apply a fix to sanitize the identifiant parameter in the ''index.php'' endpoint to prevent SQL injection attacks.