eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting maliciou…

CVE-2018-25406 affects eNdonesia Portal version 8.7 with multiple SQL injection vulnerabilities in mod.php. Unauthenticated attackers can exploit parameters artid, cid, did, contid, and aboutid across five modules (publisher, diskusi, galeri, content, about). The vulnerabilities allow execution of arbitrary SQL queries to extract sensitive data including database credentials, usernames, and version information. Multiple proof-of-concept exploits are publicly available on Exploit-DB.