CVE-2018-25390 HIGH

CVE-2018-25390: HaPe PKH 1.1 SQL Injection via desa Parameter

Vendor Sitejo
Product HaPe PKH
Weakness CWE-89 · SQLi
Published May 29, 2026
Last update May 29, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and extract sensitive database information.

Key dates

02Disclosure timeline

May 29, 2026 CVE published
May 29, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-11585 CodeAstro Student Attendance Management System createClassArms.php sql injection CVE-2025-8706 Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module CreateFunctionLog sql injection CVE-2025-3304 code-projects Patient Record Management System dental_not.php sql injection CVE-2025-9678 Campcodes Online Loan Management System ajax.php sql injection CVE-2025-9706 SourceCodester Water Billing System edit.php sql injection