{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25406/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25406"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Portal"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","cve-2018-25406","web-application"],"_cs_type":"threat","_cs_vendors":["eNdonesia"],"content_html":"\u003cp\u003eeNdonesia Portal version 8.7 is vulnerable to SQL injection attacks. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the artid, cid, did, contid, and aboutid parameters in mod.php. The vulnerability exists across multiple modules, including publisher, diskusi, galeri, content, and about. Successful exploitation can lead to the extraction of sensitive information such as database credentials, usernames, and version information, potentially compromising the entire portal and its underlying database. This vulnerability was reported and assigned CVE-2018-25406.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an eNdonesia Portal 8.7 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET or POST request targeting the mod.php script.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into one of the vulnerable parameters: artid, cid, did, contid, or aboutid.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the eNdonesia Portal server.\u003c/li\u003e\n\u003cli\u003eThe server processes the malicious SQL query without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code executes arbitrary commands on the database server.\u003c/li\u003e\n\u003cli\u003eSensitive data, such as database credentials or user information, is extracted by the attacker through the SQL query.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted information for further malicious activities, potentially gaining complete control of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25406) can lead to the compromise of the eNdonesia Portal and its underlying database. Attackers can extract sensitive information such as database credentials, usernames, and version information. This can result in data breaches, unauthorized access to administrative accounts, and potential defacement or complete takeover of the eNdonesia Portal. Due to the unauthenticated nature of the vulnerability, any publicly accessible instance of eNdonesia Portal 8.7 is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization techniques to all user-supplied input, specifically targeting the artid, cid, did, contid, and aboutid parameters in mod.php.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect SQL injection attempts against eNdonesia Portal 8.7 in web server logs.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of eNdonesia Portal that addresses the CVE-2018-25406 vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:18:16Z","date_published":"2026-05-30T16:18:16Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/","summary":"eNdonesia Portal 8.7 is vulnerable to SQL injection (CVE-2018-25406), allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through specific parameters, potentially leading to data exfiltration.","title":"eNdonesia Portal 8.7 SQL Injection Vulnerability (CVE-2018-25406)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2018-25406","version":"https://jsonfeed.org/version/1.1"}