CVE-2018-25405

Vulnerability

eNdonesia Portal version 8.7 is vulnerable to multiple SQL injection flaws in the mod.php script. The parameters artid, cid, did, contid, and aboutid are not properly sanitized, allowing an attacker to inject arbitrary SQL queries. This vulnerability is present in the default installation and requires no special configuration to be exploitable [2].

Exploitation

An unauthenticated attacker can exploit these vulnerabilities by sending crafted HTTP requests to the mod.php endpoint with malicious SQL payloads in any of the vulnerable parameters. No authentication or prior access is required. The attacker can use standard SQL injection techniques such as UNION-based or error-based injection to extract data [2].

Impact

Successful exploitation allows an attacker to extract sensitive information from the database, including usernames, database names, and database version details. This can lead to further compromise of the application and underlying system, potentially resulting in privilege escalation or data breach [2].

Mitigation

As of the publication date, no official patch or fixed version has been released for eNdonesia Portal 8.7. Users are advised to restrict network access to the mod.php endpoint or implement a web application firewall (WAF) to filter malicious SQL injection attempts. The software may be end-of-life; upgrading to a supported alternative is recommended [2].