CVE-2018-25389

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: low

Availability: none

Description

AI Translation Available

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.

89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Authentication Access Control

Potential Impacts:

Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data

Applicable Platforms

Languages: Not Language-Specific, SQL

Technologies: Database Server

Likelihood of Exploit: High

View CWE Details

https://sourceforge.net/projects/hape-pkh/files/latest/down…

https://sourceforge.net/projects/hape-pkh/files/latest/download

https://www.exploit-db.com/exploits/45588

https://www.exploit-db.com/exploits/45588

https://www.vulncheck.com/advisories/hape-pkh-sql-injection…

https://www.vulncheck.com/advisories/hape-pkh-sql-injection-via-nama-kelompok-p…

http://www.sitejo.id

http://www.sitejo.id