Nordex N149/4.0-4.5 Wind Turbine SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the Nordex N149/4.0-4.5 Wind Turbine Web Server. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the login parameter of login.php. Exploitation involves sending crafted POST requests with SQL injection payloads, which can be used to extract sensitive database information and bypass authentication mechanisms.
Impact
Exploitation of this vulnerability allows for arbitrary SQL execution, enabling attackers to manipulate the database, extract sensitive information, or potentially bypass authentication.
Reproduction
To reproduce this vulnerability, send a POST request to the login.php endpoint with a crafted SQL injection payload in the login field. The injection can exploit the application's SQL query handling, allowing the attacker to execute arbitrary SQL commands.
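The following added example is not code from the affected product. It contrasts a login query built by string concatenation with one that uses bound parameters; Python and an in-memory SQLite database stand in for the web server's login handler, and the table, account, hashing and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import sqlite3


def pw_hash(password: str) -> str:
    # Constructed demo hashing; a real system would use a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed schema and account, not taken from the affected product.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("operator", pw_hash("s3cret")))
    return conn


def login_vulnerable(conn, login: str, password: str) -> bool:
    # Weak pattern: the login field is concatenated into the SQL text,
    # so quote characters in it change the structure of the query.
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, login: str, password: str) -> bool:
    # Hardened pattern: the value is bound as data, never parsed as SQL,
    # and the hash comparison happens in application code.
    row = conn.execute("SELECT pw_hash FROM users WHERE login = ?", (login,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], pw_hash(password))


# Constructed test input: a login value containing SQL syntax.
CRAFTED_LOGIN = "x' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__,
              "valid:", fn(db, "operator", "s3cret"),
              "crafted:", fn(db, CRAFTED_LOGIN, "wrong"))
```

A regression test for a login handler can assert exactly this: a login value containing SQL syntax must be rejected like any other unknown account name.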
