SQL Injection Vulnerabilities in HaPe PKH by HaPe
CVE-2018-25386

8.8HIGH

Key Information:

Vendor: Sitejo
Status: Hape Pkh
Vendor: CVE Published:; 29 May 2026

Badges

👾 Exploit Exists

What is CVE-2018-25386?

HaPe PKH 1.1 has multiple SQL injection vulnerabilities located in admin/media.php. These vulnerabilities allow attackers to manipulate database queries via the 'id' parameter. Unauthenticated attackers can exploit this vulnerability through the desa module, while those with authenticated access may exploit it within the pengurus, fasilitas, and kelompok modules. Successful exploitation can lead to the extraction of sensitive information from the database, including details about the current user, database name, and the version of the database management system (DBMS).

Affected Version(s)

HaPe PKH 1.1

References

https://www.exploit-db.com/exploits/45588

exploit

http://www.sitejo.id

product

https://sourceforge.net/projects/hape-pkh/files/latest/do...

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 29, 2026
👾
Exploit known to exist
May 29, 2026
Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Ihsan Sencan

CVE-2018-25386 Data

JSON

Sitejo

Badges

What is CVE-2018-25386?

Affected Version(s)

References

CVSS V4

Timeline

Credit