SQL Injection Vulnerability in HaPe PKH Product by HaPe
CVE-2018-25389

8.8HIGH

Key Information:

Vendor: Sitejo
Status: Hape Pkh
Vendor: CVE Published:; 29 May 2026

Badges

👾 Exploit Exists

What is CVE-2018-25389?

The HaPe PKH 1.1 application is susceptible to an SQL injection vulnerability, which allows unauthenticated attackers to manipulate database queries. By injecting malicious SQL code through the 'nama_kelompok' parameter in the POST request to lap-anggota-kelompok-pdf.php, an attacker can execute crafted requests with time-based blind payloads. This can lead to the inference and extraction of sensitive data from the underlying database, posing a significant security risk.

Affected Version(s)

HaPe PKH 1.1

References

https://www.exploit-db.com/exploits/45588

exploit

http://www.sitejo.id

product

https://sourceforge.net/projects/hape-pkh/files/latest/do...

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 29, 2026
👾
Exploit known to exist
May 29, 2026
Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Ihsan Sencan

CVE-2018-25389 Data

JSON

Sitejo

Badges

What is CVE-2018-25389?

Affected Version(s)

References

CVSS V4

Timeline

Credit