eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting maliciou…

CVE-2018-25407 affects eNdonesia Portal version 8.7 with multiple SQL injection vulnerabilities in mod.php. Unauthenticated attackers can execute arbitrary SQL queries through various parameters including artid, cid, did, contid, and aboutid across multiple modules (publisher, diskusi, galeri, content, about). The vulnerabilities allow extraction of sensitive database information including usernames, database names, and version details. Multiple proof-of-concept exploits are publicly available, making this a high-priority security issue for organizations using this portal software.