This was a classic indicator of a SQL injection vulnerability. The database was wide open to anyone who knew how to ask the wrong questions.

✉️ The Responsible Disclosure
The index.php?id= part is a classic sign of a database query.