PatchSiren

PatchSiren cyber security CVE debrief

CVE-2018-25406 Endonesia CVE debrief

CVE-2018-25406 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, a content management system. The vulnerability resides in the mod.php file, where multiple parameters fail to properly sanitize user input before incorporating it into SQL queries. The affected parameters include artid, cid, did, contid, and aboutid, spanning across the publisher, diskusi, galeri, content, and about modules. An unauthenticated attacker can exploit these flaws to execute arbitrary SQL queries, enabling extraction of database credentials, usernames, and version information. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and no user interaction, with high confidentiality impact and low integrity impact. The vulnerability is classified under CWE-89 (SQL Injection). The vendor identification carries low confidence based on reference domain candidate evidence, and the product name remains unspecified in available sources. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor
Endonesia
Product
eNdonesia Portal
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-30
Original CVE updated
2026-05-30
Advisory published
2026-05-30
Advisory updated
2026-05-30

Who should care

Organizations running eNdonesia Portal 8.7, particularly those exposing mod.php to untrusted networks. Database administrators responsible for credential security. Security teams monitoring for unauthenticated web application vulnerabilities. Incident response teams tracking potential data exfiltration from content management systems.

Technical summary

CVE-2018-25406 affects eNdonesia Portal 8.7, specifically the mod.php entry point. Multiple parameters—artid, cid, did, contid, and aboutid—across five modules (publisher, diskusi, galeri, content, about) are vulnerable to SQL injection due to insufficient input sanitization. The vulnerability permits unauthenticated remote attackers to execute arbitrary SQL queries, with demonstrated impact including extraction of database credentials, usernames, and version information. The CVSS 4.0 score of 8.8 (HIGH) reflects network accessibility, low attack complexity, no privilege requirements, and high confidentiality impact. The underlying weakness is CWE-89 (Improper Neutralization of Special Elements in SQL Command).

Defensive priority

HIGH

Recommended defensive actions

  • Apply input validation and parameterized queries to all mod.php parameters including artid, cid, did, contid, and aboutid across publisher, diskusi, galeri, content, and about modules
  • Implement least-privilege database access controls to limit impact of successful SQL injection
  • Deploy Web Application Firewall rules to detect and block SQL injection patterns in requests to mod.php
  • Review application logs for anomalous SQL query patterns or unauthorized data access attempts
  • Remove or restrict access to mod.php if the affected modules are not required for operations
  • Monitor for unauthorized database credential access or enumeration attempts
  • Validate and update to a patched version of eNdonesia Portal when available from the vendor

Evidence notes

Vulnerability description sourced from official CVE record and NVD data. Affected parameters (artid, cid, did, contid, aboutid) and modules (publisher, diskusi, galeri, content, about) identified through source references. CVSS 4.0 vector and CWE-89 classification provided in NVD metadata. Vendor attribution derived from reference domain candidate with low confidence flag.

Official resources

CVE-2018-25406 was published on 2026-05-30T16:17:00.303Z. The vulnerability affects eNdonesia Portal 8.7, with disclosure attributed to vulncheck.com. The NVD entry currently holds a status of 'Received'.