E-Registrasi Pencak Silat
- <= 18.10
A SQL injection vulnerability has been identified in E-Registrasi Pencak Silat version 18.10. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id_partai' parameter. Exploitation involves sending crafted SQL payloads via GET requests to 'monitor_nilai.php', which can lead to the extraction of sensitive database information, including admin credentials and user data.
Successful exploitation gives the attacker arbitrary SQL execution against the application's database, which can be used to manipulate the database or extract sensitive information. For this application, that can mean unauthorized access to admin credentials and user data.
To reproduce this vulnerability, send a GET request to 'monitor_nilai.php' with a crafted SQL payload in the 'id_partai' parameter. The injected SQL code will be executed by the application's database, allowing the attacker to extract or manipulate data.
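A detection sketch for the request pattern described above, added here as an example and not part of the original advisory or the application's code: it flags GET requests to 'monitor_nilai.php' whose 'id_partai' value is not a plain integer. The combined access-log format and the idea that legitimate 'id_partai' values are short numeric IDs are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request line of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: a legitimate id_partai is a short decimal ID.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_id_partai(log_line):
    """Return (client_ip, decoded_value) for a GET to monitor_nilai.php whose
    id_partai is not a plain integer; return None for every other line."""
    m = REQUEST_RE.match(log_line)
    if not m or m.group("method") != "GET":
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/monitor_nilai.php"):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps "id_partai=" visible.
    for value in parse_qs(url.query, keep_blank_values=True).get("id_partai", []):
        if not VALID_ID_RE.fullmatch(value):
            return m.group("ip"), value
    return None


def scan(lines):
    """Collect every flagged (client_ip, value) pair, in log order."""
    return [hit for hit in map(suspicious_id_partai, lines) if hit]


# Constructed sample lines (documentation IP ranges), not from a real incident.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /monitor_nilai.php?id_partai=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /monitor_nilai.php?id_partai=12%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /monitor_nilai.php?id_partai=12%2B1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?id_partai=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer id_partai: {value!r}")
```

The same integer-only rule can serve as input validation in front of the application until the query itself is parameterized.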