CVE-2018-25385

E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai

CVSS 8.8 HIGHEPSS 0.3%CWE-89

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloads in the id_partai parameter to extract sensitive database information including admin credentials and user data.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

eregistrasi-kejuaraan-silat · Registrasi Pencak Silat

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45582unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/files/latest/download https://www.exploit-db.com/exploits/45582 https://www.vulncheck.com/advisories/e-registrasi-pencak-silat-sql-injection-via-id-partai