High severity8.8NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25388
CVE-2018-25388
Description
HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.