SQL Injection Vulnerabilities in eNdonesia Portal by eNdonesia
CVE-2018-25406
8.8HIGH
What is CVE-2018-25406?
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that enable unauthenticated attackers to execute arbitrary SQL queries. By exploiting this flaw through malicious code injection in parameters such as artid, cid, did, contid, and aboutid, attackers can access sensitive information, including database credentials, usernames, and version details. This poses significant risks to the integrity and confidentiality of the data managed by the affected portal.
Affected Version(s)
eNdonesia Portal 8.7
References
CVSS V4
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Ihsan Sencan