CVE-2018-25388

Sažetak

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

Reference

http://www.sitejo.id
https://sourceforge.net/projects/hape-pkh/files/latest/download
https://www.exploit-db.com/exploits/45593
https://www.vulncheck.com/advisories/hape-pkh-arbitrary-file-upload-via-aksi-foto-php

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

29-05-2026 - 16:29

Objavljeno

29-05-2026 - 16:16