CVE-2018-25406 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, a content management system. The vulnerability resides in the mod.php file, where multiple parameters fail to properly sanitize user input before incorporating it into SQL queries. The affected parameters include artid, cid, did, contid, and aboutid, spanning across the publisher, diskusi, galeri, content, and about m [truncated]
CVE-2018-25405 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, specifically within the mod.php component. Unauthenticated attackers can inject malicious SQL through multiple parameters—artid, cid, did, contid, and aboutid—to execute arbitrary database queries. Successful exploitation enables extraction of sensitive information including usernames, database names, and version deta [truncated]
