eNdonesia Portal version 8.7 contains multiple SQL injection vulnerabilities in the mod.php file. Unauthenticated attackers can exploit these vulnerabilities by injecting malicious SQL code through multiple parameters including artid, cid, did, contid, and aboutid. Successful exploitation allows attackers to execute arbitrary SQL queries and extract sensitive database information such as usernames, database names, and version details. The vulnerabilities pose a significant security risk as they require no authentication to exploit.