E-Registrasi Pencak Silat version 18.10 contains a critical SQL injection vulnerability in the monitor_nilai.php file through the id_partai parameter. Unauthenticated attackers can exploit this vulnerability by sending crafted GET requests with malicious SQL payloads. The vulnerability allows arbitrary SQL query execution, enabling attackers to extract sensitive database information including administrative credentials and user data. This represents a significant security risk as it requires no authentication and can lead to complete database compromise.