eNdonesia Portal SQL Injection Vulnerability

Vulnerability

Multiple SQL injection vulnerabilities have been identified in eNdonesia Portal version 8.7. These vulnerabilities allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through various parameters in mod.php. The affected parameters include artid, cid, did, contid, and aboutid, across several modules such as publisher, diskusi, galeri, content, and about. Exploitation of these vulnerabilities could lead to unauthorized access to database information, including usernames, database names, and version details.

Impact

Successful exploitation allows for arbitrary SQL query execution, potentially leading to unauthorized data access or manipulation.

Added: May 30, 2026, 4:30 PM

Updated: May 30, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

9.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

9.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

eNdonesia Portal SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

eNdonesia Portal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating