CVE-2018-25387
Deferred Deferred - Pending Action
Cross-Site Request Forgery in HaPe PKH 1.1

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi_user.php script with parameters like id_user, password, and level to modify admin credentials without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2018-25387
EUVD
EUVD-2018-21909
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hape pkh 1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability allows attackers to change administrator passwords without authentication, potentially giving them full control over the admin account.

With admin access, attackers can manipulate the application, compromise data integrity, and disrupt normal operations.

The CVSS score of 6.9 indicates a significant security risk that could lead to unauthorized privilege escalation.

Executive Summary

HaPe PKH version 1.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to change administrator passwords without authentication.

Attackers can craft malicious HTTP POST requests or forms targeting the aksi_user.php script with parameters like id_user, password, and level to modify admin credentials.

This happens because the application lacks proper CSRF protections, enabling unauthorized requests to update user information.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP POST requests targeting the endpoint `/hape-pkh/admin/modul/mod_user/aksi_user.php?module=user&act=update`.

Specifically, look for POST requests that include parameters such as `id_user`, `password`, and `level` being submitted without proper authentication.

You can use network monitoring tools like tcpdump or Wireshark to capture HTTP traffic and filter for POST requests to this endpoint.

  • Example tcpdump command to capture relevant HTTP POST requests: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /hape-pkh/admin/modul/mod_user/aksi_user.php?module=user&act=update'
  • Alternatively, use curl or similar tools to test the endpoint by sending crafted POST requests with parameters `id_user`, `password`, and `level` to verify if the password can be changed without authentication.
Mitigation Strategies

Immediate mitigation steps include implementing proper CSRF protections on the vulnerable endpoint to prevent unauthorized requests.

This can be done by adding anti-CSRF tokens to forms and validating them on the server side.

Additionally, restrict access to the `aksi_user.php` script by requiring authentication and proper authorization checks before allowing password changes.

As a temporary measure, monitor and block suspicious POST requests to the vulnerable endpoint at the network or web application firewall level.

Finally, update or patch the HaPe PKH application if an official fix is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25387. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart