{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/endonesia-portal-8.7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25405"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["eNdonesia Portal 8.7"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve-2018-25405"],"_cs_type":"threat","_cs_vendors":["eNdonesia Portal"],"content_html":"\u003cp\u003eeNdonesia Portal 8.7 is susceptible to SQL injection vulnerabilities. Disclosed in 2018 and identified as CVE-2018-25405, these flaws allow unauthenticated attackers to inject malicious SQL code into vulnerable parameters. The affected parameters, artid, cid, did, contid, and aboutid, are located within the \u003ccode\u003emod.php\u003c/code\u003e script. Successful exploitation could lead to unauthorized access to sensitive database information, including usernames, database names, and version details. Defenders should implement appropriate input validation and sanitization to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an eNdonesia Portal 8.7 instance running a vulnerable version of the software.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003emod.php\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into one of the vulnerable parameters: \u003ccode\u003eartid\u003c/code\u003e, \u003ccode\u003ecid\u003c/code\u003e, \u003ccode\u003edid\u003c/code\u003e, \u003ccode\u003econtid\u003c/code\u003e, or \u003ccode\u003eaboutid\u003c/code\u003e. For example, \u003ccode\u003emod.php?artid=1'+UNION+SELECT+version()--\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and executes the injected SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database server executes the malicious SQL query due to the lack of proper input validation and sanitization in the \u003ccode\u003emod.php\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eThe database server returns the results of the injected SQL query to the web server. This may include sensitive information such as database version, user credentials, or other application data.\u003c/li\u003e\n\u003cli\u003eThe web server includes the results of the SQL query in the HTTP response to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the HTTP response to extract the sensitive information obtained from the database. The attacker may use this information for further malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can allow attackers to extract sensitive information from the eNdonesia Portal database. This may include usernames, passwords, database names, version details, and other confidential data. The extracted information can be used for subsequent attacks, such as account compromise, data theft, or further exploitation of the system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule to detect SQL injection attempts targeting the vulnerable parameters in \u003ccode\u003emod.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to all user-supplied input, especially the \u003ccode\u003eartid\u003c/code\u003e, \u003ccode\u003ecid\u003c/code\u003e, \u003ccode\u003edid\u003c/code\u003e, \u003ccode\u003econtid\u003c/code\u003e, and \u003ccode\u003eaboutid\u003c/code\u003e parameters in \u003ccode\u003emod.php\u003c/code\u003e, to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eEnsure that the eNdonesia Portal installation is updated to a version that addresses CVE-2018-25405.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual HTTP requests or database errors, to identify potential SQL injection attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:18:03Z","date_published":"2026-05-30T16:18:03Z","id":"https://feed.craftedsignal.io/briefs/2026-05-endonesia-sql-injection/","summary":"eNdonesia Portal version 8.7 is vulnerable to SQL injection (CVE-2018-25405), allowing unauthenticated attackers to execute arbitrary SQL queries through the artid, cid, did, contid, and aboutid parameters in mod.php, potentially leading to the extraction of sensitive database information.","title":"eNdonesia Portal 8.7 SQL Injection Vulnerability (CVE-2018-25405)","url":"https://feed.craftedsignal.io/briefs/2026-05-endonesia-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — ENdonesia Portal 8.7","version":"https://jsonfeed.org/version/1.1"}