CVE-2018-25385
Deferred Deferred - Pending Action
SQL Injection in E-Registrasi Pencak Silat 18.10

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloads in the id_partai parameter to extract sensitive database information including admin credentials and user data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2018-25385
EUVD
EUVD-2018-21907
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The SQL injection vulnerability in E-Registrasi Pencak Silat 18.10 allows attackers to extract sensitive database information, including admin credentials and user data. This unauthorized access to sensitive personal data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access or disclosure.

By enabling attackers to access and potentially misuse sensitive user data, this vulnerability increases the risk of data breaches, which can result in legal penalties, reputational damage, and loss of trust under these common standards and regulations.

Executive Summary

E-Registrasi Pencak Silat version 18.10 contains a high-severity SQL injection vulnerability in the 'id_partai' parameter of the monitor_nilai.php file.

This flaw allows unauthenticated attackers to inject malicious SQL code through the id_partai parameter by sending crafted GET requests.

As a result, attackers can manipulate SQL queries executed by the application, potentially leading to unauthorized access to sensitive database information.

Impact Analysis

This vulnerability can have significant impacts including unauthorized extraction of sensitive data such as admin credentials and user information.

Attackers can exploit this flaw to access, modify, or delete data within the application's database without authentication.

Such unauthorized access can lead to data breaches, loss of data integrity, and compromise of user privacy.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious GET requests to the monitor_nilai.php file that include the id_partai parameter with potentially malicious SQL payloads.

A practical detection method is to analyze web server logs or use network monitoring tools to identify requests where the id_partai parameter contains SQL injection patterns or encoded SQL commands.

For example, you can use the following command to search web server logs for suspicious id_partai parameter usage:

  • grep -i 'monitor_nilai.php' /var/log/apache2/access.log | grep 'id_partai='

Additionally, you can look for hexadecimal encoded SQL payloads in the id_partai parameter, which attackers use to exploit the vulnerability.

Mitigation Strategies

Immediate mitigation steps include implementing input validation and sanitization on the id_partai parameter to prevent SQL injection.

Using prepared statements or parameterized queries in the monitor_nilai.php file will help prevent attackers from injecting malicious SQL code.

Additionally, restricting access to the vulnerable script and monitoring for suspicious activity can reduce the risk of exploitation.

If possible, update or patch the application to a version where this vulnerability is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25385. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart