


Perceptive Security
SOC/SIEM Consultancy

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through t…
Published: 29 May 2026 at 22:00:00
Alert date: 30 May 2026 at 17:07:56
Source: nvd.nist.gov
Web Technologies, Database & Storage
CVE-2018-25410 affects SIM-PKH version 2.4.1, a web-based application with a critical SQL injection vulnerability. The vulnerability allows authenticated attackers to execute arbitrary SQL queries through the 'id' parameter in /admin/media.php. Attackers can exploit this by sending GET requests with specific module and action parameters containing SQL UNION statements. The vulnerability enables extraction of sensitive database information including usernames, database names, and version details. This represents a significant security risk for organizations using this software version.
Technical details
Mitigation steps:
Affected products:
SIM-PKH
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2018-25410
https://simpkh.sourceforge.io/
https://sourceforge.net/projects/simpkh/files/latest/download
https://www.exploit-db.com/exploits/45664
https://www.vulncheck.com/advisories/sim-pkh-sql-injection-via-media-php-id-parameter
Related CVEs:
Related threat actors:
IOCs:
/admin/media.php, module=pengurus, act=editpengurus
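A log-hunting sketch for the request pattern described above, as an added example that is not part of the advisory or of SIM-PKH. The log lines are constructed, and the rule that a legitimate `id` is a plain decimal integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format) for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2026:10:01:02 +0000] "GET /admin/media.php?module=pengurus&act=editpengurus&id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [30/May/2026:10:03:44 +0000] "GET /admin/media.php?module=pengurus&act=editpengurus&id=-1%20UnIoN%20SeLeCt%201,2,3 HTTP/1.1" 200 4711
203.0.113.9 - - [30/May/2026:10:03:50 +0000] "GET /simpkh/admin/media.php?module=pengurus&act=editpengurus&id=-1+union+select+1,2,3 HTTP/1.1" 200 4711
203.0.113.9 - - [30/May/2026:10:04:10 +0000] "GET /admin/media.php?module=pengurus&act=editpengurus&id=12%27 HTTP/1.1" 500 310
198.51.100.4 - - [30/May/2026:10:05:00 +0000] "GET /admin/media.php?module=berita&act=edit&id=3 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3})')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def classify(line):
    """Return (client, status, verdict, id_value) for a suspicious hit, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    # endswith() also covers installs under a sub-directory.
    if not url.path.endswith("/admin/media.php"):
        return None
    query = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
    if query.get("module") != ["pengurus"] or query.get("act") != ["editpengurus"]:
        return None
    ids = query.get("id", [])  # every value, in case the parameter is repeated
    for value in ids:
        if UNION_RE.search(value):
            return client, int(status), "union_select", value
    for value in ids:
        # Assumption: a legitimate id is a plain decimal integer.
        if not value.isdigit():
            return client, int(status), "non_integer_id", value
    return None


def scan(log_text):
    """Classify every line of a log and keep only the suspicious hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the flaw is reachable only by authenticated users, each hit should be correlated with the admin session that issued it.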
This article was created with the assistance of AI technology by Perceptive.
