CVE-2018-25171
Received Received - Intake
SQL Injection in EdTv 2 Allows Unauthorized Data Extraction

Publication date: 2026-03-06

Last updated on: 2026-03-06

Assigner: VulnCheck

Description
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database information including schema names, user credentials, and version details.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25171
EUVD
EUVD-2018-21626
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
edtv edtv 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the vulnerable admin/edit_source endpoint to authorized users only.'}, {'type': 'paragraph', 'content': 'Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.'}, {'type': 'paragraph', 'content': 'If possible, temporarily disable or restrict the affected functionality until a proper patch or fix is applied.'}, {'type': 'paragraph', 'content': "Monitoring web server logs for suspicious requests targeting the 'id' parameter can also help detect exploitation attempts."}] [1]

Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability is an SQL injection in EdTv 2, a PHP-based web application. It occurs because the application improperly handles the 'id' parameter in the admin/edit_source endpoint, allowing attackers to inject malicious SQL code."}, {'type': 'paragraph', 'content': "Unauthenticated attackers can send specially crafted GET requests with SQL UNION statements through the 'id' parameter to execute arbitrary SQL queries on the database."}, {'type': 'paragraph', 'content': 'This can lead to extraction of sensitive database information such as schema names, user credentials, database version, and other details.'}] [1]

Impact Analysis

This vulnerability can have serious impacts including unauthorized disclosure of sensitive database information.

  • Attackers can retrieve database schema details, user credentials, and version information.
  • It allows execution of arbitrary SQL queries, which can lead to data leakage or further compromise of the application.
  • Since the vulnerability is exploitable without authentication, it poses a high risk to the confidentiality of your data.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint and analyzing the responses for database information leakage.'}, {'type': 'paragraph', 'content': "Specifically, you can test the 'id' parameter of the admin/edit_source endpoint by injecting SQL UNION SELECT statements to see if database schema names, user credentials, or version details are returned."}, {'type': 'paragraph', 'content': 'An example command using curl to test the vulnerability is:'}, {'type': 'list_item', 'content': 'curl "http://<target>/edtv/index.php/admin/edit_source&?id=-1 UNION SELECT 1, schema_name, 3, 4 FROM information_schema.schemata--"'}, {'type': 'paragraph', 'content': 'If the response contains database schema names or other database information, the system is vulnerable.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25171. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart