eNdonesia · CVE-2023-31753
**Name of the Vulnerable Software and Affected Versions**
eNdonesia version 8.7
**Description**
eNdonesia version 8.7 is vulnerable to SQL injection: an attacker can execute arbitrary SQL commands via the `rid=` parameter of the `diskusi.php` file. This allows the attacker to manipulate the database, potentially leading to unauthorized data access or modification.
**Recommendations**
For eNdonesia version 8.7, consider restricting access to the `diskusi.php` file or disabling the use of the `rid=` parameter until a patch is available. As a temporary workaround, avoid passing the `rid=` parameter in requests to the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
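The workaround above amounts to an allow-list on what `rid` may contain. The following is an added example, not code from the advisory or from the eNdonesia project: a defender-side check that accepts `rid` only when it is a plain positive integer (the assumption being that `rid` is a numeric record id, which the advisory does not state), applied both as a request filter for `diskusi.php` and as a scan over constructed access-log lines so an operator can review requests that would have been rejected. The log format, IP addresses and request paths are constructed for the example; the real fix remains a parameterized query in the application itself.

```python
"""
Added example (not part of the advisory or of eNdonesia): an allow-list rule
for the `rid` parameter of diskusi.php, usable in a reverse-proxy filter and
for reviewing access logs.  `rid` is ASSUMED to be a small numeric id; the
sample log lines below are constructed.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: a valid rid is 1-10 decimal digits (no sign, quotes or spaces).
RID_PATTERN = re.compile(r"^[0-9]{1,10}$")

# Apache/Nginx "combined"-style line: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def validate_rid(query_string: str) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only if every rid value is a plain integer.

    parse_qsl percent-decodes values, so an encoded quote or space is caught
    the same way as a literal one.
    """
    params = parse_qsl(query_string, keep_blank_values=True)
    rids = [value for key, value in params if key == "rid"]
    if not rids:
        return True, "no rid parameter"
    for value in rids:
        if not RID_PATTERN.fullmatch(value):
            return False, f"rid value rejected: {value!r}"
    return True, "rid is numeric"


def check_request(target: str) -> tuple[bool, str]:
    """Apply the rule to diskusi.php only; other paths are out of scope."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] != "diskusi.php":
        return True, "path not in scope"
    return validate_rid(parts.query)


def scan_access_log(lines) -> list[tuple[str, str, str]]:
    """Return (client_ip, request_target, reason) for each request failing the rule."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # malformed or non-matching line; skip rather than guess
        ok, reason = check_request(match.group("target"))
        if not ok:
            findings.append((match.group("ip"), match.group("target"), reason))
    return findings


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2023:12:00:01 +0000] "GET /diskusi.php?rid=42 HTTP/1.1" 200 1532',
    '203.0.113.5 - - [10/May/2023:12:00:02 +0000] "GET /diskusi.php?rid=42%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/May/2023:12:00:03 +0000] "GET /index.php?rid=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [10/May/2023:12:00:04 +0000] "GET /diskusi.php?rid=-1 HTTP/1.1" 200 1532',
]

if __name__ == "__main__":
    for ip, target, reason in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {reason}")
```

Only `diskusi.php` requests are evaluated, so the `index.php?rid=abc` line is not flagged; the percent-encoded quote and the negative value are, because both fail the digits-only rule after decoding. The same `validate_rid` rule can be dropped into whatever filter sits in front of the application until a patched release exists.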