{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25643/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["sql-injection","web-application","cve-2019-25643"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eeNdonesia Portal v8.7 is susceptible to SQL injection vulnerabilities. Unauthenticated attackers can exploit this flaw by injecting malicious SQL code through the \u003ccode\u003ebid\u003c/code\u003e parameter in the \u003ccode\u003ebanners.php\u003c/code\u003e script. The vulnerability allows attackers to execute arbitrary SQL queries against the application\u0026rsquo;s database. Successful exploitation could lead to the unauthorized extraction of sensitive information, including database schema details from \u003ccode\u003eINFORMATION_SCHEMA\u003c/code\u003e tables. This vulnerability, identified as CVE-2019-25643, poses a significant risk due to the ease of exploitation and the potential for extensive data compromise. The vulnerability was reported on March 24, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an eNdonesia Portal v8.7 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract data from the \u003ccode\u003eINFORMATION_SCHEMA\u003c/code\u003e tables.\u003c/li\u003e\n\u003cli\u003eThe attacker constructs a GET request targeting \u003ccode\u003ebanners.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted SQL payload is injected into the \u003ccode\u003ebid\u003c/code\u003e parameter of the GET request: \u003ccode\u003ebanners.php?bid=\u0026lt;SQL_payload\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and executes the injected SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the SQL query, potentially including sensitive data or schema information.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the database response containing the extracted information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the extracted information to further compromise the system or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the unauthorized disclosure of sensitive data, including user credentials, financial information, and other confidential data stored in the eNdonesia Portal v8.7 database. The impact could range from defacement of the website to complete compromise of the underlying database server. Although the number of affected installations is unknown, any instance of eNdonesia Portal v8.7 is potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetecting eNdonesia banners.php SQL Injection Attempt\u003c/code\u003e to your SIEM to identify exploitation attempts targeting the \u003ccode\u003ebanners.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eExamine web server logs for GET requests to \u003ccode\u003ebanners.php\u003c/code\u003e containing suspicious SQL syntax within the \u003ccode\u003ebid\u003c/code\u003e parameter (reference the log source in the Sigma rule).\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for eNdonesia Portal v8.7 to remediate the CVE-2019-25643 vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T12:16:06Z","date_published":"2026-03-24T12:16:06Z","id":"/briefs/2026-03-endonesia-sql-injection/","summary":"eNdonesia Portal v8.7 is vulnerable to SQL injection allowing unauthenticated attackers to execute arbitrary SQL queries via the bid parameter in banners.php, potentially leading to sensitive data extraction.","title":"eNdonesia Portal v8.7 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-endonesia-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25643","version":"https://jsonfeed.org/version/1.1"}