


Perceptive Security
SOC/SIEM Consultancy

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vu…
Published:
2 February 2026 at 23:00:00
Alert date:
3 February 2026 at 21:01:17
Source:
nvd.nist.gov
Web Technologies, Identity & Access, Database & Storage
A critical SQL injection vulnerability in Fikir Odalari AdminPando 1.0.1 allows unauthenticated attackers to bypass authentication through the vulnerable username and password parameters of the login functionality. Successful exploitation grants complete administrative access to the application, enabling attackers to alter public-facing website content through HTML/DOM manipulation. The vulnerability affects versions before 2026-01-26 and represents a complete authentication bypass, making it a high-severity security issue.
Technical details
Affected products:
Fikir Odalari AdminPando
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-10878
https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi
https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/
This article was created with the assistance of AI technology by Perceptive.
