CVE-2023-31753

Name of the Vulnerable Software and Affected Versions eNdonesia version 8.7

Description The issue allows an attacker to execute arbitrary SQL commands via the rid= parameter in the "diskusi.php" file. This enables the attacker to manipulate the database, potentially leading to unauthorized data access or modification.

Recommendations For eNdonesia version 8.7, consider restricting access to the "diskusi.php" file or disabling the use of the rid= parameter until a patch is available. As a temporary workaround, avoid using the rid= parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.