Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-25166. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This is a functional SQL injection exploit for Meneame English Pligg 5.8, demonstrating a time-based blind SQLi via the 'search' parameter. The payload extracts database information, including user, database name, and version.
Description
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to extract sensitive database information including usernames, database names, and version details.
Exploits (1)
This is a functional SQL injection exploit for Meneame English Pligg 5.8, demonstrating a time-based blind SQLi via the 'search' parameter. The payload extracts database information, including user, database name, and version.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N