CVE-2018-25407

Name of the Vulnerable Software and Affected Versions eNdonesia Portal version 8.7

Description Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod.php' endpoint. The issue exists within the publisher, diskusi, galeri, content, and about modules, specifically affecting the artid, cid, did, contid, and aboutid parameters. This can be used to extract sensitive database information, such as usernames, database names, and version details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.