SQL Injection Vulnerability in eNdonesia by eNdonesia
CVE-2023-31753

9.8CRITICAL

Key Information:

Vendor

Endonesia

Status
Endonesia
Vendor
CVE Published:
20 July 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-31753?

The eNdonesia product version 8.7 is vulnerable to an SQL injection flaw found in the diskusi.php file. This vulnerability allows attackers to manipulate SQL queries by injecting arbitrary commands through the 'rid=' parameter. Exploiting this vulnerability can result in unauthorized data access, including potential database leakage or data manipulation.

References

https://github.com/khmk2k/CVE-2023-31753/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.