CVE-2018-25175

HIGH 8.2

Alienor Web Libre 2.0 SQL Injection via index.php

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

0th

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.

CWE	CWE-89
Vendor	alienor
Product	alienor web libre
Published	Mar 6, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for alienor alienor web libre

Be the first to know when new high vulnerabilities affecting alienor alienor web libre are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

Alienor / Alienor Web Libre

2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45827 vulncheck.com: https://www.vulncheck.com/advisories/alienor-web-libre-sql-injection-via-indexphp

Credits

Ihsan Sencan