{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/endonesia/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25407"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Portal"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","web-application"],"_cs_type":"threat","_cs_vendors":["eNdonesia"],"content_html":"\u003cp\u003eeNdonesia Portal version 8.7 is susceptible to SQL injection vulnerabilities that can be exploited by unauthenticated attackers. These vulnerabilities exist within the \u003ccode\u003emod.php\u003c/code\u003e file, where insufficient input validation allows attackers to inject malicious SQL code through various parameters. Specifically, the \u003ccode\u003eartid\u003c/code\u003e, \u003ccode\u003ecid\u003c/code\u003e, \u003ccode\u003edid\u003c/code\u003e, \u003ccode\u003econtid\u003c/code\u003e, and \u003ccode\u003eaboutid\u003c/code\u003e parameters within the \u003ccode\u003epublisher\u003c/code\u003e, \u003ccode\u003ediskusi\u003c/code\u003e, \u003ccode\u003egaleri\u003c/code\u003e, \u003ccode\u003econtent\u003c/code\u003e, and \u003ccode\u003eabout\u003c/code\u003e modules are vulnerable. Successful exploitation allows attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including usernames, database names, and version details. This vulnerability poses a significant risk to organizations using the affected portal, as it could lead to unauthorized access and data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies the vulnerable eNdonesia Portal 8.7 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003emod.php\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into one or more of the vulnerable parameters: \u003ccode\u003eartid\u003c/code\u003e, \u003ccode\u003ecid\u003c/code\u003e, \u003ccode\u003edid\u003c/code\u003e, \u003ccode\u003econtid\u003c/code\u003e, or \u003ccode\u003eaboutid\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the web server hosting the eNdonesia Portal.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request without proper sanitization of the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the database.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information, such as usernames, database names, or version details, from the database.\u003c/li\u003e\n\u003cli\u003eThe attacker may further exploit the compromised database for lateral movement or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these SQL injection vulnerabilities allows attackers to extract sensitive information, potentially leading to unauthorized access, data breaches, and further compromise of the affected system. There is no information available regarding the number of victims or sectors targeted. The impact is severe, as it allows unauthenticated attackers to directly query the database.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrades to eNdonesia Portal to version later than 8.7 to remediate CVE-2018-25407.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect potential exploitation attempts against the vulnerable parameters (\u003ccode\u003eartid\u003c/code\u003e, \u003ccode\u003ecid\u003c/code\u003e, \u003ccode\u003edid\u003c/code\u003e, \u003ccode\u003econtid\u003c/code\u003e, \u003ccode\u003eaboutid\u003c/code\u003e) in \u003ccode\u003emod.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all user-supplied data, especially within the \u003ccode\u003emod.php\u003c/code\u003e file to prevent future SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:18:28Z","date_published":"2026-05-30T16:18:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-endonesia-sqli/","summary":"eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities allowing unauthenticated attackers to execute arbitrary SQL queries via crafted parameters in mod.php.","title":"eNdonesia Portal 8.7 SQL Injection Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-05-endonesia-sqli/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25406"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Portal"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","cve-2018-25406","web-application"],"_cs_type":"threat","_cs_vendors":["eNdonesia"],"content_html":"\u003cp\u003eeNdonesia Portal version 8.7 is vulnerable to SQL injection attacks. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the artid, cid, did, contid, and aboutid parameters in mod.php. The vulnerability exists across multiple modules, including publisher, diskusi, galeri, content, and about. Successful exploitation can lead to the extraction of sensitive information such as database credentials, usernames, and version information, potentially compromising the entire portal and its underlying database. This vulnerability was reported and assigned CVE-2018-25406.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an eNdonesia Portal 8.7 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET or POST request targeting the mod.php script.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into one of the vulnerable parameters: artid, cid, did, contid, or aboutid.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the eNdonesia Portal server.\u003c/li\u003e\n\u003cli\u003eThe server processes the malicious SQL query without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code executes arbitrary commands on the database server.\u003c/li\u003e\n\u003cli\u003eSensitive data, such as database credentials or user information, is extracted by the attacker through the SQL query.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted information for further malicious activities, potentially gaining complete control of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25406) can lead to the compromise of the eNdonesia Portal and its underlying database. Attackers can extract sensitive information such as database credentials, usernames, and version information. This can result in data breaches, unauthorized access to administrative accounts, and potential defacement or complete takeover of the eNdonesia Portal. Due to the unauthenticated nature of the vulnerability, any publicly accessible instance of eNdonesia Portal 8.7 is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization techniques to all user-supplied input, specifically targeting the artid, cid, did, contid, and aboutid parameters in mod.php.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect SQL injection attempts against eNdonesia Portal 8.7 in web server logs.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of eNdonesia Portal that addresses the CVE-2018-25406 vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:18:16Z","date_published":"2026-05-30T16:18:16Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/","summary":"eNdonesia Portal 8.7 is vulnerable to SQL injection (CVE-2018-25406), allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through specific parameters, potentially leading to data exfiltration.","title":"eNdonesia Portal 8.7 SQL Injection Vulnerability (CVE-2018-25406)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — ENdonesia","version":"https://jsonfeed.org/version/1.1"}