CVE-2019-25643 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: March 24, 2026
eNdonesia Portal - SQL Injection
Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable
Overview
eNdonesia Portal v8.7 contains an SQL injection vulnerability caused by improper sanitization of the bid parameter in banners.php, which lets unauthenticated attackers execute arbitrary SQL queries and extract sensitive database information.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can execute arbitrary SQL queries, leading to sensitive data disclosure and potential full database compromise.
Mitigation
Update to the latest version of eNdonesia Portal that addresses SQL injection vulnerabilities.
Details
- CVE ID: CVE-2019-25643
- Severity: High
- CVSS Score: 8.2
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N