top of page
perceptive_background_267k.jpg

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code throug…

Published:

28 mei 2026 om 22:00:00

Alert date:

29 mei 2026 om 17:11:07

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

HaPe PKH version 1.1 contains multiple SQL injection vulnerabilities in admin/media.php through the 'id' parameter. Unauthenticated attackers can exploit the desa module while authenticated users can target pengurus, fasilitas, and kelompok modules. The vulnerability allows manipulation of database queries and extraction of sensitive information including current user, database name, and DBMS version. Multiple attack vectors exist through different module actions including hapus, print, editpengurus, editfasilitas, and editkelompok. The vulnerability affects the admin interface and can lead to unauthorized database access.

Technical details

Mitigation steps:

Affected products:

HaPe PKH

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25386
http://www.sitejo.id
https://sourceforge.net/projects/hape-pkh/files/latest/download
https://www.exploit-db.com/exploits/45588
https://www.vulncheck.com/advisories/hape-pkh-sql-injection-via-id-parameter-in-admin-media-php

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page