high advisory

CVE-2018-25416 - AiOPMSD Final 1.0.0 Unauthenticated SQL Injection

AiOPMSD Final 1.0.0 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter via GET requests to country.php, enabling extraction of sensitive database information including usernames, database names, and version details.

AiOPMSD Final 1.0.0 is susceptible to an SQL injection vulnerability (CVE-2018-25416) that allows unauthenticated attackers to execute arbitrary SQL queries. The vulnerability is located in the country parameter of the country.php file. By crafting malicious SQL payloads within the country parameter of a GET request, an attacker can potentially extract sensitive database information. This includes usernames, database names, and database version details. This vulnerability poses a significant risk to organizations using this software, as it can lead to data breaches and unauthorized access to sensitive information.

Attack Chain

  1. Attacker identifies an AiOPMSD Final 1.0.0 instance accessible over the internet.
  2. Attacker crafts a malicious SQL injection payload to be delivered via the country parameter.
  3. Attacker sends a GET request to country.php with the crafted SQL payload in the country parameter.
  4. The application fails to properly sanitize the country parameter input.
  5. The unsanitized input is passed directly into an SQL query.
  6. The database executes the attacker’s injected SQL code.
  7. The attacker retrieves sensitive database information, such as usernames, database names, and version details.
  8. Attacker uses the extracted information for further malicious activities, such as gaining unauthorized access to the system or performing data exfiltration.

Impact

Successful exploitation of this vulnerability can allow an attacker to extract sensitive information from the database, including usernames, database names, and version details. This can lead to a complete compromise of the application and its data, potentially resulting in significant financial losses, reputational damage, and legal liabilities. There is no mention of observed damage, specific victim counts, or targeted sectors in the source material.

Recommendation

  • Deploy the Sigma rule Detect AiOPMSD SQL Injection Attempt via Country Parameter to your SIEM to detect suspicious GET requests to country.php (see rules).
  • Inspect web server logs for GET requests to country.php with suspicious characters in the country parameter, such as SQL keywords and operators (see rules and logsource).
  • Apply input validation and sanitization to the country parameter within the AiOPMSD application code to prevent SQL injection (reference CVE-2018-25416).
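As an added illustration of the second recommendation (this code is not part of the advisory or of any vendor tooling), the following Python applies the rule's logic to constructed access-log lines: it parses combined-format entries, decodes the country parameter of GET requests to country.php, and flags values that carry SQL keywords, comment sequences or boolean tautologies. The log lines and client addresses are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Constructed sample access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "GET /country.php?country=India HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Mar/2024:10:00:02 +0000] "GET /country.php?country=India%27%20UNION%20SELECT%20user()%2Cdatabase()%2C@@version--%20- HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [12/Mar/2024:10:00:03 +0000] "GET /country.php?country=1%20OR%201%3D1 HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.13 - - [12/Mar/2024:10:00:04 +0000] "GET /index.php?page=1%27%20OR%201%3D1 HTTP/1.1" 200 100 "-" "curl/8.0"
203.0.113.14 - - [12/Mar/2024:10:00:05 +0000] "GET /country.php?country=Trinidad+and+Tobago HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Combined-log-format entry: client IP, timestamp, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators checked against the *decoded* country value: a quote followed by a SQL
# keyword, UNION ... SELECT, SQL comment sequences, or a boolean tautology (OR 1=1).
SQLI_RE = re.compile(
    r"""['"].*?\b(union|select|or|and)\b|\bunion\b.*\bselect\b|--|/\*|\bor\b\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)

def country_param(target):
    """Return the decoded 'country' value if the request target is country.php, else None."""
    url = urlparse(target)
    if not url.path.endswith("/country.php"):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("country")
    # parse_qs decodes once; a second pass catches one extra layer of URL encoding.
    return unquote_plus(values[0]) if values else None

def detect_sqli(log_text):
    """Return (client IP, decoded country value) for every GET to country.php whose
    country parameter carries SQL injection indicators; other requests are ignored."""
    hits = []
    for line in log_text.splitlines():
        rec = LOG_RE.match(line)
        if not rec or rec["method"] != "GET":
            continue
        value = country_param(rec["target"])
        if value is not None and SQLI_RE.search(value):
            hits.append((rec["ip"], value))
    return hits
```

Requests to other scripts and benign country names containing the word "and" are not flagged, because the keyword check requires a preceding quote or a full UNION/SELECT or tautology pattern.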

Detection coverage (2 rules)

Detect AiOPMSD SQL Injection Attempt via Country Parameter

high

Detects CVE-2018-25416 exploitation — Suspicious GET request to country.php with potential SQL injection attempts in the country parameter

Rule type: Sigma. Tactic: initial_access. Technique: T1190. Log source: webserver.

Detect AiOPMSD SQL Injection Error Messages

medium

Detects CVE-2018-25416 exploitation — Server responses containing SQL error messages, potentially indicating a successful SQL injection attempt

Rule type: Sigma. Tactic: initial_access. Technique: T1190. Log source: webserver.
