{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/adianti/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25257"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Adianti Framework"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","adianti-framework"],"_cs_type":"advisory","_cs_vendors":["Adianti"],"content_html":"\u003cp\u003eAdianti Framework, a PHP-based web application framework, versions 5.5.0 and 5.6.0 are susceptible to SQL injection (CVE-2018-25257). The vulnerability resides in the SystemProfileForm, specifically within the 'name' field. An authenticated user can inject arbitrary SQL code through this field, leading to potential unauthorized data access or modification. This flaw could be exploited to escalate privileges, potentially granting an attacker administrative control over the affected application. Given the potential for complete system compromise, organizations using these versions of the Adianti Framework should take immediate action to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains valid user credentials for the Adianti Framework application.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the SystemProfileForm page, typically used for editing user profile information.\u003c/li\u003e\n\u003cli\u003eIn the 'name' field, the attacker crafts a malicious SQL injection payload. This payload is designed to modify the database query used to update the user profile.\u003c/li\u003e\n\u003cli\u003eThe attacker submits the form with the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe application processes the request, executing the attacker-controlled SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code modifies user credentials within the database, potentially granting administrative privileges to the attacker's account or other accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker logs in with the compromised administrative account.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their elevated privileges to perform malicious actions such as data exfiltration, system modification, or further compromise of the underlying infrastructure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability allows attackers to gain unauthorized access to sensitive data, modify user accounts, and potentially gain full administrative control of the Adianti Framework application. This can lead to data breaches, service disruption, and reputational damage. The vulnerability affects versions 5.5.0 and 5.6.0 of the Adianti Framework. The number of affected installations is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of the Adianti Framework that addresses CVE-2018-25257.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u0026quot;Detect Adianti Framework SQL Injection Attempt\u0026quot; to monitor web server logs for potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all user-supplied data within the Adianti Framework, particularly on the 'name' field in SystemProfileForm, to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eRestrict database access privileges to the minimum necessary for the application to function correctly.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-adianti-sql-injection/","summary":"Adianti Framework versions 5.5.0 and 5.6.0 are vulnerable to SQL injection via the SystemProfileForm name field, allowing authenticated users to manipulate database queries, modify user credentials, and potentially gain administrative access.","title":"Adianti Framework SQL Injection Vulnerability (CVE-2018-25257)","url":"https://feed.craftedsignal.io/briefs/2024-01-adianti-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Adianti","version":"https://jsonfeed.org/version/1.1"}