CVE-2018-25386
Status: Deferred - Pending Action
SQL Injection in HaPe PKH 1.1 Admin Module

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while authenticated users can exploit the pengurus, fasilitas, and kelompok modules (for example act=print, act=editpengurus, act=editfasilitas, and act=editkelompok). Successful exploitation allows extraction of sensitive database information including the current user, database name, and DBMS version.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: hape
Product: pkh
Version / Range: 1.1
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

HaPe PKH version 1.1 contains multiple SQL injection vulnerabilities in the admin/media.php file. These vulnerabilities occur through the 'id' parameter and can be exploited differently depending on whether the attacker is authenticated or not.

An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while authenticated users can exploit the pengurus, fasilitas, and kelompok modules using actions such as act=print, act=editpengurus, act=editfasilitas, and act=editkelompok.

Successful exploitation allows attackers to manipulate database queries by injecting SQL code, enabling them to extract sensitive database information including the current user, database name, and DBMS version.

How can this vulnerability impact me?

This vulnerability can have a high impact as it allows attackers to extract sensitive information from the database without proper authorization.

  • Attackers can gain access to sensitive database details such as the current user, database name, and DBMS version.
  • Unauthenticated attackers can exploit certain modules, increasing the risk of unauthorized data access.
  • Authenticated users with access to specific modules can also exploit the vulnerability to escalate their privileges or extract sensitive data.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves SQL injection through the 'id' parameter in admin/media.php, exploitable via specific modules and actions. Detection can focus on monitoring HTTP requests targeting these parameters and modules.

  • Inspect web server logs for suspicious requests containing 'module=desa&act=hapus' or authenticated actions like 'act=print', 'act=editpengurus', 'act=editfasilitas', and 'act=editkelompok' with unusual or malformed 'id' parameter values.
  • Use web application vulnerability scanners that support SQL injection detection to scan the admin/media.php endpoint, focusing on the 'id' parameter.
  • Run manual SQL injection tests using tools like sqlmap targeting the URL with the vulnerable parameters, for example: sqlmap -u "http://target/admin/media.php?module=desa&act=hapus&id=1" --batch
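The log inspection described in the first bullet can be scripted. The following is an added example, not part of the advisory or of HaPe PKH: it assumes Apache/nginx combined-format access logs and that legitimate 'id' values are plain integers, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Module/action combinations named in the advisory.
UNAUTH = {("desa", "hapus")}
AUTH_MODULES = {"pengurus", "fasilitas", "kelompok"}
AUTH_ACTS = {"print", "editpengurus", "editfasilitas", "editkelompok"}

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumption: legitimate ids are plain integers

def suspicious(line):
    """Return (module, act, ids) for an in-scope request with a non-numeric id, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/admin/media.php"):
        return None
    # parse_qs percent-decodes, so encoded quotes and spaces are compared as sent.
    q = parse_qs(url.query, keep_blank_values=True)
    module = q.get("module", [""])[0]
    act = q.get("act", [""])[0]
    ids = q.get("id", [])
    in_scope = (module, act) in UNAUTH or (module in AUTH_MODULES and act in AUTH_ACTS)
    if not in_scope or not ids:
        return None
    # A repeated id parameter or any non-integer value is worth a look.
    if len(ids) > 1 or not all(NUMERIC_ID.fullmatch(v) for v in ids):
        return module, act, ids
    return None

def scan(lines):
    """Return the findings for every flagged line, in input order."""
    return [hit for hit in map(suspicious, lines) if hit]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [29/May/2026:10:00:01 +0000] "GET /admin/media.php?module=desa&act=hapus&id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/May/2026:10:00:05 +0000] "GET /admin/media.php?module=desa&act=hapus&id=12%27 HTTP/1.1" 500 0',
    '198.51.100.4 - - [29/May/2026:10:01:12 +0000] "GET /admin/media.php?module=pengurus&act=editpengurus&id=3%22 HTTP/1.1" 200 900',
    '198.51.100.4 - - [29/May/2026:10:01:30 +0000] "GET /index.php?id=1%27 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Requests to desa/hapus that arrive without a session cookie deserve priority, since the advisory lists that path as reachable without authentication.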

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable admin/media.php endpoint and sanitizing input parameters to prevent SQL injection.

  • Apply input validation and parameterized queries or prepared statements in the code handling the 'id' parameter to prevent injection.
  • Limit access to the admin interface and modules (desa, pengurus, fasilitas, kelompok) to trusted users only.
  • If possible, temporarily disable the vulnerable modules or actions until a patch or fix is applied.
  • Monitor logs for suspicious activity and consider implementing a web application firewall (WAF) to block SQL injection attempts.
