High severity8.2NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25389
CVE-2018-25389
Description
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.