Alienor Web Libre SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Alienor Web Libre version 2.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the 'identifiant' parameter. Exploitation involves sending crafted POST requests to 'index.php' with SQL injection payloads, which can be used to extract sensitive database information such as usernames, database names, and version details.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries and potentially access or modify sensitive information in the database.

Reproduction

To reproduce this vulnerability, send a POST request to 'index.php' with an SQL injection payload in the 'identifiant' parameter. The payload can be crafted to extract database information, such as using SQL functions to concatenate and retrieve details about the database user, database name, and version.