CVE-2018-25405
Status: Deferred - Pending Action
SQL Injection in eNdonesia Portal 8.7

Publication date: 2026-05-30

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract sensitive database information including usernames, database names, and version details.
Meta Information

  • Generated: 2026-06-19
  • AI Q&A: 2026-05-30
  • EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Quick Actions
Compliance Impact

The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information such as usernames, database names, and version details.

This unauthorized access to sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Detection Guidance

This vulnerability can be detected by sending crafted HTTP requests with SQL injection payloads to the vulnerable parameters such as artid, cid, did, contid, and aboutid in mod.php.

For example, you can use curl commands to test the 'artid' parameter for SQL injection by injecting typical SQL payloads and observing the response for database errors or unexpected data.

  • curl "http://targetsite/mod.php?artid=1' OR '1'='1"
  • curl "http://targetsite/mod.php?cid=1' UNION SELECT NULL, version(), NULL-- "

Monitoring network traffic for unusual or suspicious HTTP requests targeting these parameters can also help detect exploitation attempts.
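The monitoring step above, as an added example that is not part of this advisory or of the eNdonesia project: it reads web-server access-log lines in combined format and flags requests to mod.php whose advisory-named ID parameters (artid, cid, did, contid, aboutid) carry non-numeric or SQL-like values. The log format, the assumption that these parameters are plain integer IDs, and the sample lines are all constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# The five mod.php parameters named in the advisory. Each is assumed to be a
# plain integer record ID, so any other content is worth a closer look.
WATCHED_PARAMS = {"artid", "cid", "did", "contid", "aboutid"}
INTEGER = re.compile(r"^\d{1,10}$")
# Tokens typical of SQL injection probes; used only to label a finding.
SQL_TOKENS = re.compile(r"(?i)'|--|/\*|\bunion\b|\bselect\b|\bor\b|\bsleep\b")
# Combined log format: client ident user [time] "METHOD target HTTP/x.y" status
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def scan_line(line):
    """Return a finding dict for a suspicious mod.php request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/mod.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        # parse_qsl decoded once; a second pass exposes double-encoded
        # payloads (%2527 -> %27 -> '). Plain integers are unchanged by it.
        value = unquote_plus(value)
        if INTEGER.match(value):
            continue
        reason = "sql_token" if SQL_TOKENS.search(value) else "non_numeric"
        return {"ip": m.group("ip"), "time": m.group("ts"), "param": name,
                "value": value, "reason": reason, "status": int(m.group("status"))}
    return None

def scan_log(lines):
    """Scan an iterable of access-log lines and return every finding."""
    return [f for f in map(scan_line, lines) if f is not None]

# Constructed sample lines (not real traffic), URL-encoded as a server logs them.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/May/2026:10:00:00 +0000] "GET /mod.php?artid=42 HTTP/1.1" 200 512',
    '10.0.0.7 - - [30/May/2026:10:00:01 +0000] "GET /mod.php?artid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 812',
    '10.0.0.7 - - [30/May/2026:10:00:02 +0000] "GET /mod.php?cid=1%27%20UNION%20SELECT%20NULL,version(),NULL--%20 HTTP/1.1" 200 640',
    '10.0.0.7 - - [30/May/2026:10:00:03 +0000] "GET /index.php?artid=1%27 HTTP/1.1" 404 210',
    '10.0.0.9 - - [30/May/2026:10:00:04 +0000] "GET /mod.php?aboutid=1%2527 HTTP/1.1" 500 0',
]
```

A response status of 500 or an unusually large 200 body alongside a flagged parameter is the signal worth prioritising, since it suggests the injected value reached the query.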

Mitigation Strategies

Immediate mitigation steps include applying input validation and sanitization on all parameters vulnerable to SQL injection, such as artid, cid, did, contid, and aboutid.

If a patch or updated version of eNdonesia Portal 8.7 is available that fixes the SQL injection issues, it should be applied immediately.

As a temporary measure, you can implement web application firewall (WAF) rules to block malicious SQL injection payloads targeting these parameters.

Restricting database user permissions to limit the impact of a successful injection can also help mitigate damage.

Executive Summary

The vulnerability in eNdonesia Portal 8.7 involves multiple SQL injection flaws. These allow attackers who are not authenticated to inject malicious SQL code through specific parameters in the mod.php file.

  • The vulnerable parameters include artid, cid, did, contid, and aboutid.

By exploiting these injection points, attackers can execute arbitrary SQL queries on the database.

This can lead to extraction of sensitive information such as usernames, database names, and version details.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive database information.

  • Attackers can retrieve usernames, database names, and version details.

Such data exposure can lead to further attacks, data breaches, and compromise of the system's integrity.
