CVE-2010-3461

eNdonesia 8.4 - SQL Injection via Publisher Module artid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3461. PoCs published by vYc0d.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in eNdonesia 8.4's print module. The PoC shows how an attacker can inject malicious SQL queries via the 'artid' parameter to extract sensitive data from the database.

Description

SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vYc0d · textwebappsphp
https://www.exploit-db.com/exploits/15006

This exploit demonstrates a SQL injection vulnerability in eNdonesia 8.4's print module. The PoC shows how an attacker can inject malicious SQL queries via the 'artid' parameter to extract sensitive data from the database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: eNdonesia 8.4 or lower
No auth needed
Prerequisites: Access to the vulnerable endpoint · Valid 'artid' parameter
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15006
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61809

Scores

EPSS 0.0091
EPSS Percentile 55.8%

Details

CWE
CWE-89
Status published
Products (1)
endonesia/endonesia 8.4
Published Sep 17, 2010
Tracked Since Feb 18, 2026