Primary

Context

eNdonesia Portal SQL Injection Vulnerability in Banners.php

Vulnerability

A SQL injection vulnerability has been identified in eNdonesia Portal version 8.7. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'bid' parameter. The exploitation occurs in the 'banners.php' file, where injected SQL can be used to extract sensitive information from the database's INFORMATION_SCHEMA tables.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'banners.php' with a crafted SQL payload in the 'bid' parameter. The injected SQL payload can be designed to extract data from the database, such as sensitive information from the INFORMATION_SCHEMA tables.

Added: Mar 24, 2026, 12:23 PM

Updated: Mar 24, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.0

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.0

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

eNdonesia Portal SQL Injection Vulnerability in Banners.php

Vulnerability

Impact

Reproduction

Affected Products

eNdonesia Portal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating