VYPR
High severity8.8NVD Advisory· Published May 29, 2026· Updated May 29, 2026

CVE-2018-25388

CVE-2018-25388

Description

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.