CVE-2018-25407 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, a content management system. The vulnerability resides in the mod.php file where multiple parameters fail to properly sanitize user input before incorporating it into SQL queries. Unauthenticated remote attackers can exploit this flaw through the artid, cid, did, contid, and aboutid parameters across five distinct mod [truncated]
CVE-2018-25406 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, a content management system. The vulnerability resides in the mod.php file, where multiple parameters fail to properly sanitize user input before incorporating it into SQL queries. The affected parameters include artid, cid, did, contid, and aboutid, spanning across the publisher, diskusi, galeri, content, and about m [truncated]
CVE-2018-25405 documents multiple SQL injection vulnerabilities in eNdonesia Portal 8.7, specifically within the mod.php component. Unauthenticated attackers can inject malicious SQL through multiple parameters—artid, cid, did, contid, and aboutid—to execute arbitrary database queries. Successful exploitation enables extraction of sensitive information including usernames, database names, and version deta [truncated]