


Perceptive Security
SOC/SIEM Consultancy

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the f…
Published:
29 May 2026 at 22:00:00
Alert date:
30 May 2026 at 17:07:56
Source:
nvd.nist.gov
Web Technologies
SIM-PKH version 2.4.1 contains a critical arbitrary file upload vulnerability that allows authenticated attackers to upload and execute malicious PHP files. The flaw is in the aksi_pengurus.php endpoint and is reached through the fupload parameter when specific module and action parameters are supplied. Uploaded PHP code is stored in the foto directory and executed as a web script, leading to potential remote code execution. The vulnerability has been documented, and proof-of-concept exploits are available on Exploit-DB.
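A defensive check for the behaviour described above, as an added example that is not from the advisory or the SIM-PKH project: it scans web-server access logs for script-type files requested from the foto directory and raises the severity when the same client earlier sent a POST to aksi_pengurus.php. The combined log format, the /simpkh/ path prefix, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed format: Apache/nginx "combined" access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_ENDPOINT = "aksi_pengurus.php"  # endpoint named in the advisory
UPLOAD_DIR = "foto"                    # storage directory named in the advisory
# Assumption: extensions commonly mapped to the PHP handler.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2026:10:01:02 +0000] "POST /simpkh/aksi_pengurus.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2026:10:01:09 +0000] "GET /simpkh/foto/avatar.PHP HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.4 - - [30/May/2026:10:02:00 +0000] "GET /simpkh/foto/member12.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [30/May/2026:10:03:00 +0000] "GET /simpkh/foto/x%2Ephtml HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def find_upload_abuse(log_text):
    """Return (level, client_ip, decoded_path, status) for each suspicious request."""
    uploaders = set()   # clients that POSTed to the upload endpoint
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue    # skip lines that are not in the assumed format
        # Decode percent-encoding so "x%2Ephtml" is judged as "x.phtml".
        path = unquote(urlsplit(m["target"]).path)
        segments = [s for s in path.split("/") if s]
        if not segments:
            continue
        name = segments[-1]
        if m["method"] == "POST" and name.lower() == UPLOAD_ENDPOINT:
            uploaders.add(m["ip"])
        elif UPLOAD_DIR in (s.lower() for s in segments[:-1]) and SCRIPT_EXT.search(name):
            # A 2xx answer means the script file exists and was served.
            served = m["status"].startswith("2")
            level = "high" if served and m["ip"] in uploaders else "medium"
            findings.append((level, m["ip"], path, int(m["status"])))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

An image directory should never serve script extensions, so even a "medium" finding (a 404 probe, or a hit from a client with no logged upload) is worth reviewing alongside a listing of the foto directory itself.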
Technical details
Mitigation steps:
Affected products:
SIM-PKH 2.4.1
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2018-25409
https://simpkh.sourceforge.io/
https://sourceforge.net/projects/simpkh/files/latest/download
https://www.exploit-db.com/exploits/45659
https://www.vulncheck.com/advisories/sim-pkh-arbitrary-file-upload-via-aksi-pengurus-php
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
