Sync EUVD catalog: Sun May 31 00:56:39 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/05/EUVD-2018-21927.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21927",
+  "enisaUuid": "4c9ed5d4-78a7-37d6-bc00-9583a17ba6e4",
+  "description": "eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract sensitive database information including usernames, database names, and version details.",
+  "datePublished": "May 30, 2026, 2:55:12 PM",
+  "dateUpdated": "May 30, 2026, 2:55:12 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45654\nhttp://www.endonesia.org/\nhttps://sourceforge.net/projects/endonesia/files/latest/download\nhttps://www.vulncheck.com/advisories/endonesia-portal-sql-injection-via-mod-php\n",
+  "aliases": "GHSA-7976-cwgg-p8cx\nCVE-2018-25405\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "8a499a27-8d9f-36ba-9747-0f9668c9ca87",
+      "product": {
+        "name": "eNdonesia Portal",
+        "vendor": {
+          "name": "Endonesia"
+        }
+      },
+      "product_version": "8.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "7af63706-65a4-3653-98cc-400999c673c5",
+      "vendor": {
+        "name": "Endonesia"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21928.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21928",
+  "enisaUuid": "82f71f94-29ef-347e-a5c7-d6b9cf68f881",
+  "description": "eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database credentials, usernames, and version information.",
+  "datePublished": "May 30, 2026, 2:55:14 PM",
+  "dateUpdated": "May 30, 2026, 2:55:14 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45654\nhttp://www.endonesia.org/\nhttps://sourceforge.net/projects/endonesia/files/latest/download\nhttps://www.vulncheck.com/advisories/endonesia-portal-sql-injection-via-mod-php-2\n",
+  "aliases": "GHSA-pj9c-49f9-pw37\nCVE-2018-25406\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c88f0314-a648-3770-b701-eb5c1b654bea",
+      "product": {
+        "name": "eNdonesia Portal",
+        "vendor": {
+          "name": "Endonesia"
+        }
+      },
+      "product_version": "8.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "6ce27ecb-6f33-3ac6-91ff-134f8615c785",
+      "vendor": {
+        "name": "Endonesia"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21929.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21929",
+  "enisaUuid": "0b8fbbfd-7204-3410-9489-3cea81f2679d",
+  "description": "eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher, diskusi, galeri, content, and about modules to extract database information including usernames, database names, and version details.",
+  "datePublished": "May 30, 2026, 2:55:14 PM",
+  "dateUpdated": "May 30, 2026, 2:55:14 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45654\nhttp://www.endonesia.org/\nhttps://sourceforge.net/projects/endonesia/files/latest/download\nhttps://www.vulncheck.com/advisories/endonesia-portal-sql-injection-via-mod-php-3\n",
+  "aliases": "CVE-2018-25407\nGHSA-34x7-vqxj-ppp4\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "5846a951-9e4d-39ed-85ea-8eb486025bd9",
+      "product": {
+        "name": "eNdonesia Portal",
+        "vendor": {
+          "name": "Endonesia"
+        }
+      },
+      "product_version": "8.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "4183b3d9-3d33-3cd6-b9ca-c59fa36dfa24",
+      "vendor": {
+        "name": "Endonesia"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21930.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21930",
+  "enisaUuid": "e5d22890-9047-3422-8996-9c7a0834477c",
+  "description": "The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access files outside the intended directory, including configuration files and system files.",
+  "datePublished": "May 30, 2026, 2:55:15 PM",
+  "dateUpdated": "May 30, 2026, 2:55:15 PM",
+  "baseScore": 8.7,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45655\nhttp://openises.sourceforge.net/\nhttps://sourceforge.net/projects/openises/files/latest/download\nhttps://www.vulncheck.com/advisories/the-open-ises-project-3-30a-path-traversal-arbitrary-file-download\n",
+  "aliases": "CVE-2018-25408\nGHSA-39jc-xvx2-95jh\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "43af081c-212f-31a0-980d-cc0bf81185c9",
+      "product": {
+        "name": "Open ISES Project",
+        "vendor": {
+          "name": "Open ISES"
+        }
+      },
+      "product_version": "3.30A"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "9d913323-e240-321f-b46c-e4a20f0f58e6",
+      "vendor": {
+        "name": "openises"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21931.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21931",
+  "enisaUuid": "5378d5ae-cb71-31d6-a9cb-891bd8aa03e3",
+  "description": "SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.",
+  "datePublished": "May 30, 2026, 2:55:16 PM",
+  "dateUpdated": "May 30, 2026, 2:55:16 PM",
+  "baseScore": 8.7,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45659\nhttps://simpkh.sourceforge.io/\nhttps://sourceforge.net/projects/simpkh/files/latest/download\nhttps://www.vulncheck.com/advisories/sim-pkh-arbitrary-file-upload-via-aksi-pengurus-php\n",
+  "aliases": "CVE-2018-25409\nGHSA-j699-2v84-mrr9\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "7d5be35e-164d-3b8a-9d08-1181b0ef5dfe",
+      "product": {
+        "name": "SIM-PKH",
+        "vendor": {
+          "name": "Simpkh"
+        }
+      },
+      "product_version": "2.4.1"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "170897de-a061-3d6c-a5ce-9fa651a8cccf",
+      "vendor": {
+        "name": "Simpkh"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21932.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21932",
+  "enisaUuid": "beb745c5-9198-3185-997a-0526ba47ef26",
+  "description": "SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQL UNION statements to extract database information including usernames, database names, and version details.",
+  "datePublished": "May 30, 2026, 2:55:17 PM",
+  "dateUpdated": "May 30, 2026, 2:55:17 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45664\nhttps://simpkh.sourceforge.io/\nhttps://sourceforge.net/projects/simpkh/files/latest/download\nhttps://www.vulncheck.com/advisories/sim-pkh-sql-injection-via-media-php-id-parameter\n",
+  "aliases": "CVE-2018-25410\nGHSA-f67q-74gf-3w9f\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "8d568417-8272-3350-8995-7714f77dc916",
+      "product": {
+        "name": "SIM-PKH",
+        "vendor": {
+          "name": "Simpkh"
+        }
+      },
+      "product_version": "2.4.1"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "1575132a-060a-3259-94a6-6ef642a86ca3",
+      "vendor": {
+        "name": "Simpkh"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21933.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21933",
+  "enisaUuid": "1f8f63ee-745e-3c3f-a838-1da29d5bbd61",
+  "description": "MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.",
+  "datePublished": "May 30, 2026, 2:55:17 PM",
+  "dateUpdated": "May 30, 2026, 2:55:17 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45665\nhttp://www.m-gb.org/\nhttps://sourceforge.net/projects/mopzz-gb/files/latest/download\nhttps://www.vulncheck.com/advisories/mgb-opensource-guestbook-sql-injection-via-email-php\n",
+  "aliases": "CVE-2018-25411\nGHSA-p2q6-28xf-prjj\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "a85dae08-d160-3e84-984d-e5a84fa19b2c",
+      "product": {
+        "name": "MGB OpenSource Guestbook",
+        "vendor": {
+          "name": "M-Gb"
+        }
+      },
+      "product_version": "0.7.0.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "96ffc716-afad-311b-804a-0666da610f64",
+      "vendor": {
+        "name": "M-Gb"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21934.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21934",
+  "enisaUuid": "95a91501-a633-3758-a5ca-f44e982cff83",
+  "description": "Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.",
+  "datePublished": "May 30, 2026, 2:55:18 PM",
+  "dateUpdated": "May 30, 2026, 2:55:18 PM",
+  "baseScore": 9.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45685\nhttp://deltasql.sourceforge.net/\nhttps://sourceforge.net/projects/deltasql/files/latest/download\nhttp://deltasql.sourceforge.net/deltasql/\nhttps://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php\n",
+  "aliases": "GHSA-q3h9-349m-77jh\nCVE-2018-25412\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "25cce844-f357-342f-a7ff-8620aefa98df",
+      "product": {
+        "name": "Delta Sql",
+        "vendor": {
+          "name": "Deltasql"
+        }
+      },
+      "product_version": "1.8.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "92808e22-51c6-345f-901c-1949dce86c67",
+      "vendor": {
+        "name": "Deltasql"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21935.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21935",
+  "enisaUuid": "8a5618d6-b99e-3b01-bfe6-5eeb880bb729",
+  "description": "AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.",
+  "datePublished": "May 30, 2026, 2:55:19 PM",
+  "dateUpdated": "May 30, 2026, 2:55:19 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45690\nhttps://aiopmsd.sourceforge.io/\nhttps://sourceforge.net/projects/aiopmsd/files/latest/download\nhttps://www.vulncheck.com/advisories/aiopmsd-final-sql-injection-via-search-php\n",
+  "aliases": "CVE-2018-25413\nGHSA-r4jm-2v38-pg5c\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "06bd9b47-b924-3364-94ba-9bfff150fdf7",
+      "product": {
+        "name": "AiOPMSD Final",
+        "vendor": {
+          "name": "Aiopmsd"
+        }
+      },
+      "product_version": "1.0.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "f536d5cd-62f6-3fb2-86fa-fbaf929003e1",
+      "vendor": {
+        "name": "Aiopmsd"
+      }
+    }
+  ]
+}

advisories/2026/05/EUVD-2018-21936.json

@@ -0,0 +1,34 @@
+{
+  "id": "EUVD-2018-21936",
+  "enisaUuid": "6100d703-4b23-39f8-b298-3ff09cfc8a42",
+  "description": "AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensitive database information including usernames, database names, and version details.",
+  "datePublished": "May 30, 2026, 2:55:20 PM",
+  "dateUpdated": "May 30, 2026, 2:55:20 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45690\nhttps://aiopmsd.sourceforge.io/\nhttps://sourceforge.net/projects/aiopmsd/files/latest/download\nhttps://www.vulncheck.com/advisories/aiopmsd-final-sql-injection-via-actor-php\n",
+  "aliases": "CVE-2018-25414\nGHSA-xmj7-wr6h-chm4\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "dad4e609-2b7c-35dd-a9f8-85c6a06a78dd",
+      "product": {
+        "name": "AiOPMSD Final",
+        "vendor": {
+          "name": "Aiopmsd"
+        }
+      },
+      "product_version": "1.0.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "6e7b149f-afe3-326d-91e2-1473c8e78231",
+      "vendor": {
+        "name": "Aiopmsd"
+      }
+    }
+  ]
+}