CVE-2018-25188
SQL Injection in Webiness Inventory 2.3 Allows Data Extraction
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webiness | inventory | 2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "The vulnerability in Webiness Inventory 2.3 is an SQL injection flaw found in the 'order' parameter of the application. It allows unauthenticated attackers to inject arbitrary SQL code by sending specially crafted POST requests to the WsModelGrid.php endpoint."}, {'type': 'paragraph', 'content': 'By exploiting this flaw, attackers can manipulate the backend SQL queries to execute unauthorized commands, such as extracting sensitive information from the database.'}, {'type': 'paragraph', 'content': 'The exploit involves injecting nested SQL SELECT statements encoded in URL format, which can retrieve metadata like database users, database names, and version details.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive database information such as usernames, database names, and version details.
Attackers can leverage this flaw to extract confidential data, potentially leading to data breaches or further exploitation of the system.
Since the vulnerability allows execution of arbitrary SQL queries without authentication, it poses a high risk of data exposure and manipulation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This SQL injection vulnerability can be detected by sending crafted POST requests to the endpoint `/protected/library/ajax/WsModelGrid.php` with malicious payloads in the 'order' parameter."}, {'type': 'paragraph', 'content': "A detection method involves sending a specially crafted SQL injection payload encoded in URL format within the 'order' parameter and observing the server response."}, {'type': 'paragraph', 'content': 'For example, using curl to send a POST request with an injection payload can help detect the vulnerability if the server returns an HTTP 500 error indicating backend SQL execution failure.'}, {'type': 'list_item', 'content': 'curl -X POST -d "order=%27%20UNION%20SELECT%201,user(),database(),version()--" https://targetsite/protected/library/ajax/WsModelGrid.php'}, {'type': 'list_item', 'content': 'Monitor for HTTP 500 server errors or unexpected database information in the response, which indicates successful SQL injection.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable endpoint and applying input validation or sanitization on the 'order' parameter to prevent SQL injection."}, {'type': 'paragraph', 'content': 'If possible, update or patch the Webiness Inventory software to a version that addresses this vulnerability.'}, {'type': 'paragraph', 'content': "Additionally, monitor logs for suspicious POST requests to `/protected/library/ajax/WsModelGrid.php` and consider implementing web application firewall (WAF) rules to block malicious payloads targeting the 'order' parameter."}] [1]