CVE-2019-25643

Name of the Vulnerable Software and Affected Versions eNdonesia Portal version 8.7

Description Unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through the bid parameter. This is achieved by sending GET requests to the 'banners.php' endpoint with crafted SQL payloads to extract sensitive database information from the INFORMATION SCHEMA tables.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.