CVE-2018-25388 HIGH

CVE-2018-25388: HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php

Vendor Sitejo

Product HaPe PKH

Weakness CWE-434 · Unrestricted file upload

Published May 29, 2026

Last update May 29, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

Key dates

Disclosure timeline

May 29, 2026 CVE published

May 29, 2026 Record updated