VYPR
High severity8.2NVD Advisory· Published May 29, 2026· Updated May 29, 2026

CVE-2018-25389

CVE-2018-25389

Description

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.