eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicio…

eNdonesia Portal version 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries. The vulnerabilities are exploitable through the bid parameter in banners.php via GET requests. Attackers can inject malicious SQL code to extract sensitive database information from INFORMATION_SCHEMA tables. The vulnerabilities require no authentication, making them particularly dangerous. Multiple resources including exploit databases have documented proof-of-concept attacks for this vulnerability.