https://feed.craftedsignal.io/vendors/endonesia/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 30 May 2026 16:18:28 +0000https://feed.craftedsignal.io/briefs/2026-05-endonesia-sqli/Sat, 30 May 2026 16:18:28 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-endonesia-sqli/eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities allowing unauthenticated attackers to execute arbitrary SQL queries via crafted parameters in mod.php.eNdonesia Portal version 8.7 is susceptible to SQL injection vulnerabilities that can be exploited by unauthenticated attackers. These vulnerabilities exist within the mod.php file, where insufficient input validation allows attackers to inject malicious SQL code through various parameters. Specifically, the artid, cid, did, contid, and aboutid parameters within the publisher, diskusi, galeri, content, and about modules are vulnerable. Successful exploitation allows attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including usernames, database names, and version details. This vulnerability poses a significant risk to organizations using the affected portal, as it could lead to unauthorized access and data breaches.

Attack Chain

1. An unauthenticated attacker identifies the vulnerable eNdonesia Portal 8.7 instance.
2. The attacker crafts a malicious HTTP request targeting the mod.php file.
3. The attacker injects SQL code into one or more of the vulnerable parameters: artid, cid, did, contid, or aboutid.
4. The crafted request is sent to the web server hosting the eNdonesia Portal.
5. The web server processes the request without proper sanitization of the injected SQL code.
6. The injected SQL code is executed against the database.
7. The attacker retrieves sensitive information, such as usernames, database names, or version details, from the database.
8. The attacker may further exploit the compromised database for lateral movement or data exfiltration.

Impact

Successful exploitation of these SQL injection vulnerabilities allows attackers to extract sensitive information, potentially leading to unauthorized access, data breaches, and further compromise of the affected system. There is no information available regarding the number of victims or sectors targeted. The impact is severe, as it allows unauthenticated attackers to directly query the database.

Recommendation

• Apply available patches or upgrades to eNdonesia Portal to version later than 8.7 to remediate CVE-2018-25407.
• Deploy the Sigma rules provided to detect potential exploitation attempts against the vulnerable parameters (artid, cid, did, contid, aboutid) in mod.php.
• Implement input validation and sanitization on all user-supplied data, especially within the mod.php file to prevent future SQL injection attacks.

]]>criticalthreatsql-injectionweb-applicationhttps://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/Sat, 30 May 2026 16:18:16 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cve-2018-25406-sql-injection/eNdonesia Portal 8.7 is vulnerable to SQL injection (CVE-2018-25406), allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through specific parameters, potentially leading to data exfiltration.eNdonesia Portal version 8.7 is vulnerable to SQL injection attacks. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the artid, cid, did, contid, and aboutid parameters in mod.php. The vulnerability exists across multiple modules, including publisher, diskusi, galeri, content, and about. Successful exploitation can lead to the extraction of sensitive information such as database credentials, usernames, and version information, potentially compromising the entire portal and its underlying database. This vulnerability was reported and assigned CVE-2018-25406.

Attack Chain

1. An unauthenticated attacker identifies an eNdonesia Portal 8.7 instance.
2. The attacker crafts a malicious HTTP GET or POST request targeting the mod.php script.
3. The attacker injects SQL code into one of the vulnerable parameters: artid, cid, did, contid, or aboutid.
4. The crafted request is sent to the eNdonesia Portal server.
5. The server processes the malicious SQL query without proper sanitization.
6. The injected SQL code executes arbitrary commands on the database server.
7. Sensitive data, such as database credentials or user information, is extracted by the attacker through the SQL query.
8. The attacker uses the extracted information for further malicious activities, potentially gaining complete control of the system.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2018-25406) can lead to the compromise of the eNdonesia Portal and its underlying database. Attackers can extract sensitive information such as database credentials, usernames, and version information. This can result in data breaches, unauthorized access to administrative accounts, and potential defacement or complete takeover of the eNdonesia Portal. Due to the unauthenticated nature of the vulnerability, any publicly accessible instance of eNdonesia Portal 8.7 is at risk.

Recommendation

• Apply appropriate input validation and sanitization techniques to all user-supplied input, specifically targeting the artid, cid, did, contid, and aboutid parameters in mod.php.
• Deploy the Sigma rule to detect SQL injection attempts against eNdonesia Portal 8.7 in web server logs.
• Upgrade to a patched version of eNdonesia Portal that addresses the CVE-2018-25406 vulnerability.

]]>criticalthreatsql-injectioncve-2018-25406web-application