Description
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloads in the id_partai parameter to extract sensitive database information including admin credentials and user data.
Published: 2026-05-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An SQL injection flaw exists in the id_partai parameter of monitor_nilai.php, allowing attackers to supply crafted SQL code without needing authentication. The flaw lets attackers run arbitrary SQL queries, revealing sensitive database contents such as administrator credentials and user data. The exposed information can lead to credential compromise, user impersonation, and further attacks that leverage the stolen data, resulting in a confidentiality breach and potential integrity violations.

Affected Systems

The vulnerability affects the 'E-Registrasi Pencak Silat' application version 18.10. The specific CPE indicates that any deployment of this version of the registrasi-kejuaraan-silat product is at risk. No version range was provided beyond the listed 18.10 release.

Risk and Exploitability

The CVSS 4.0 score of 8.8 denotes a high-severity vulnerability. Exploitation requires only remote access via HTTP GET requests to the monitor_nilai.php endpoint, and the attacker does not need prior authentication. The EPSS score is not available, so the current exploitation probability is unknown, but the high CVSS score indicates significant risk. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet; however, the potential impact remains substantial due to unauthorized data access.

Generated by OpenCVE AI on May 29, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the E-Registrasi Pencak Silat application to a version where the SQL injection issue in the id_partai parameter has been fixed.
  • Ensure all user-supplied input, especially in the id_partai parameter, is processed using prepared statements or parameterized queries to eliminate injection vectors.
  • Deploy a web application firewall or similar filtering mechanism to block malicious SQL payloads targeting the monitor_nilai.php endpoint.
  • Monitor application logs for unusual query patterns or repeated unsuccessful access attempts to detect potential exploitation attempts.


Advisories

No advisories yet.

History

Fri, 29 May 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloads in the id_partai parameter to extract sensitive database information including admin credentials and user data.
Title E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T20:20:24.356Z

Reserved: 2026-05-29T11:13:55.327Z

Link: CVE-2018-25385

Vulnrichment

Updated: 2026-05-29T20:20:21.057Z

NVD

Status: Deferred

Published: 2026-05-29T16:16:17.587

Modified: 2026-05-29T16:29:11.350

Link: CVE-2018-25385

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:30:04Z

Weaknesses