Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Alienor Web Libre 2.0 allows hackers to steal sensitive database info
CVE-2018-25175
Summary
Alienor Web Libre 2.0 has a security flaw that lets hackers access sensitive information from its database without needing a login. This means they can see usernames, database names, and version details. To stay safe, update your Alienor Web Libre 2.0 to the latest version, or remove it altogether if possible.
Original title
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. A...
Original description
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026