Vulnerability Description
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- http://www.endonesia.org/
- https://sourceforge.net/projects/endonesia/
- https://www.exploit-db.com/exploits/46559
- https://www.vulncheck.com/advisories/endonesia-portal-sql-injection-via-banners-
FAQ
What is CVE-2019-25643?
CVE-2019-25643 is a vulnerability with a CVSS score of 8.2 (HIGH). eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attac...
How severe is CVE-2019-25643?
CVE-2019-25643 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25643?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.