CVE-2018-25406
8.2 HIGHeNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL querie...
Published: 2026-05-30 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-89
Description
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database credentials, usernames, and version information.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-52700 — Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions (8.5 HIGH)
- CVE-2026-52697 — Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions (8.5 HIGH)
- CVE-2026-52693 — Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions (9.3 CRITICAL)
- CVE-2026-49776 — Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 vers... (9.3 CRITICAL)
- CVE-2026-49067 — Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions (9.3 CRITICAL)