CVE-2018-25388

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, PHP, Not Language-Specific

Technologies: Web Server, AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://sourceforge.net/projects/hape-pkh/files/latest/down…

https://sourceforge.net/projects/hape-pkh/files/latest/download

https://www.exploit-db.com/exploits/45593

https://www.exploit-db.com/exploits/45593

https://www.vulncheck.com/advisories/hape-pkh-arbitrary-fil…

https://www.vulncheck.com/advisories/hape-pkh-arbitrary-file-upload-via-aksi-fo…

http://www.sitejo.id

http://www.sitejo.id