CVE-2018-25405

Name of the Vulnerable Software and Affected Versions eNdonesia Portal version 8.7

Description Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod.php' endpoint. Specifically, the artid, cid, did, contid, and aboutid parameters are susceptible, enabling the extraction of sensitive database information such as usernames, database names, and version details.

Recommendations Update eNdonesia Portal version 8.7 to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the 'mod.php' endpoint or sanitize the artid, cid, did, contid, and aboutid parameters to minimize the risk of exploitation.