CVE-2019-25643

Sažetak

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.

Reference

http://www.endonesia.org/
https://sourceforge.net/projects/endonesia/
https://www.exploit-db.com/exploits/46559
https://www.vulncheck.com/advisories/endonesia-portal-sql-injection-via-banners-php

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

24-03-2026 - 15:53

Objavljeno

24-03-2026 - 12:16