SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-07-20
Updated
2023-07-27
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
Max CVSS
7.5
EPSS Score
0.07%
Published
2010-09-17
Updated
2017-08-17
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-08-04
Updated
2017-09-29
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
Max CVSS
7.5
EPSS Score
0.42%
Published
2007-06-26
Updated
2018-10-16
Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.8
EPSS Score
0.25%
Published
2006-12-31
Updated
2008-09-05
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
Max CVSS
7.5
EPSS Score
0.54%
Published
2006-12-31
Updated
2017-10-19
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
Max CVSS
6.8
EPSS Score
2.31%
Published
2006-12-31
Updated
2017-10-19
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
Max CVSS
6.8
EPSS Score
2.65%
Published
2004-12-31
Updated
2017-07-29
8 vulnerabilities found