CVE-2018-25171
SQL Injection in EdTv 2 Allows Unauthorized Data Extraction
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edtv | edtv | 2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the vulnerable admin/edit_source endpoint to authorized users only.'}, {'type': 'paragraph', 'content': 'Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.'}, {'type': 'paragraph', 'content': 'If possible, temporarily disable or restrict the affected functionality until a proper patch or fix is applied.'}, {'type': 'paragraph', 'content': "Monitoring web server logs for suspicious requests targeting the 'id' parameter can also help detect exploitation attempts."}] [1]
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability is an SQL injection in EdTv 2, a PHP-based web application. It occurs because the application improperly handles the 'id' parameter in the admin/edit_source endpoint, allowing attackers to inject malicious SQL code."}, {'type': 'paragraph', 'content': "Unauthenticated attackers can send specially crafted GET requests with SQL UNION statements through the 'id' parameter to execute arbitrary SQL queries on the database."}, {'type': 'paragraph', 'content': 'This can lead to extraction of sensitive database information such as schema names, user credentials, database version, and other details.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized disclosure of sensitive database information.
- Attackers can retrieve database schema details, user credentials, and version information.
- It allows execution of arbitrary SQL queries, which can lead to data leakage or further compromise of the application.
- Since the vulnerability is exploitable without authentication, it poses a high risk to the confidentiality of your data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint and analyzing the responses for database information leakage.'}, {'type': 'paragraph', 'content': "Specifically, you can test the 'id' parameter of the admin/edit_source endpoint by injecting SQL UNION SELECT statements to see if database schema names, user credentials, or version details are returned."}, {'type': 'paragraph', 'content': 'An example command using curl to test the vulnerability is:'}, {'type': 'list_item', 'content': 'curl "http://<target>/edtv/index.php/admin/edit_source&?id=-1 UNION SELECT 1, schema_name, 3, 4 FROM information_schema.schemata--"'}, {'type': 'paragraph', 'content': 'If the response contains database schema names or other database information, the system is vulnerable.'}] [1]