fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
Recent assessments:
J3rryBl4nks at March 09, 2020 9:27pm UTC reported:
This is an authenticated SQL Injection that should lead to a reverse shell.
<https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md>
Itβs very easy to identify, and to exploit. The value is low because it is rarely seen on real machines.
Assessed Attacker Value: 1
Assessed Attacker Value: 1Assessed Attacker Value: 5