CVE-2018-25409

Published: Mag 30, 2026 Last Modified: Mag 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, PHP, Not Language-Specific

Technologies: Web Server, AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://simpkh.sourceforge.io/

https://simpkh.sourceforge.io/

https://sourceforge.net/projects/simpkh/files/latest/downlo…

https://sourceforge.net/projects/simpkh/files/latest/download

https://www.exploit-db.com/exploits/45659

https://www.exploit-db.com/exploits/45659

https://www.vulncheck.com/advisories/sim-pkh-arbitrary-file…

https://www.vulncheck.com/advisories/sim-pkh-arbitrary-file-upload-via-aksi-pen…