Upstream information
Description
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.

SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.

| CVSS detail | CNA (VulnCheck) |
|---|---|
| Base Score | 8.2 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | Low |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |

| CVSS detail | CNA (VulnCheck) |
|---|---|
| Base Score | 8.8 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Network |
| Attack Complexity | Low |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | None |
| Vulnerable System Confidentiality Impact | High |
| Vulnerable System Integrity Impact | Low |
| Vulnerable System Availability Impact | None |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | None |
| Subsequent System Availability Impact | None |
| CVSSv4 Version | 4.0 |
SUSE Security Advisories:
- SUSE-IU-2020:111-1, published Fri Dec 11 04:01:07 MST 2020
- SUSE-IU-2020:112-1, published Fri Dec 11 04:02:23 MST 2020
- SUSE-IU-2020:113-1, published Fri Dec 11 04:03:31 MST 2020
- SUSE-SU-2020:2904-1, published Tue Oct 13 13:16:09 MDT 2020
- SUSE-SU-2020:2905-1, published Tue Oct 13 13:25:27 MDT 2020
- SUSE-SU-2020:2906-1, published Tue Oct 13 14:17:38 MDT 2020
- SUSE-SU-2020:2907-1, published Tue Oct 13 13:53:25 MDT 2020
SUSE Timeline for this CVE
- CVE page created: Wed Mar 26 11:50:55 2025
- CVE page last modified: Tue Mar 24 20:44:06 2026