CVE-2018-25389NVD

Vulnerability Summary

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.

Severity Level

HIGH(8.2)

Published Date

May 29, 2026

Last Modified

Jun 2, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.09%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityLow

AvailabilityNone

External References

https://www.exploit-db.com/exploits/45588
http://www.sitejo.id
https://sourceforge.net/projects/hape-pkh/files/latest/download
https://www.vulncheck.com/advisories/hape-pkh-sql-injection-via-nama-kelompok-parameter