CVE-2018-25175

HIGH

Alienor Web Libre 2.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25175. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This is a functional SQL injection exploit for Alienor Web Libre 2.0, demonstrating a time-based blind SQLi via the 'identifiant' parameter in a POST request. The payload extracts database information (user, database name, version) through a crafted SQL query.

Description

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45827

This is a functional SQL injection exploit for Alienor Web Libre 2.0, demonstrating a time-based blind SQLi via the 'identifiant' parameter in a POST request. The payload extracts database information (user, database name, version) through a crafted SQL query.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Alienor Web Libre 2.0
No auth needed
Prerequisites: access to the login page · PHP session cookie
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45827

Scores

CVSS v3 8.2
EPSS 0.0025
EPSS Percentile 16.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026