CVE-2018-25387
Cross-Site Request Forgery in HaPe PKH 1.1
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hape | pkh | 1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability allows attackers to change administrator passwords without authentication, potentially giving them full control over the admin account.
With admin access, attackers can manipulate the application, compromise data integrity, and disrupt normal operations.
The CVSS score of 6.9 indicates a significant security risk that could lead to unauthorized privilege escalation.
Can you explain this vulnerability to me?
HaPe PKH version 1.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to change administrator passwords without authentication.
Attackers can craft malicious HTTP POST requests or forms targeting the aksi_user.php script with parameters like id_user, password, and level to modify admin credentials.
This happens because the application lacks proper CSRF protections, enabling unauthorized requests to update user information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests targeting the endpoint `/hape-pkh/admin/modul/mod_user/aksi_user.php?module=user&act=update`.
Specifically, look for POST requests that include parameters such as `id_user`, `password`, and `level` being submitted without proper authentication.
You can use network monitoring tools like tcpdump or Wireshark to capture HTTP traffic and filter for POST requests to this endpoint.
- Example tcpdump command to capture relevant HTTP POST requests (cleartext HTTP on port 80 only; `-l` line-buffers the output so matches reach grep immediately): `tcpdump -l -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /hape-pkh/admin/modul/mod_user/aksi_user.php?module=user&act=update'`
- Alternatively, use curl or similar tools to test the endpoint by sending crafted POST requests with parameters `id_user`, `password`, and `level` to verify if the password can be changed without authentication.
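The same monitoring can be done offline against web server access logs. The following is an added example, not code from HaPe PKH or from this advisory: it flags POSTs to the update action whose Referer is missing or points to another site, which is the trace a forged cross-site form submission leaves. The combined log format, the trusted hostname `intranet.example` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint path and act=update come from the advisory text above.
ENDPOINT = "/hape-pkh/admin/modul/mod_user/aksi_user.php"
# Assumption: hostnames the admin UI is legitimately served from.
TRUSTED = {"intranet.example"}

# Assumption: the server writes Apache/nginx "combined" format access logs.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify(line, trusted_hosts=TRUSTED):
    """Return None unless the line is a POST to the user-update action;
    otherwise 'same-origin', 'cross-origin' or 'no-referer'."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    target = urlsplit(m["target"])
    if target.path != ENDPOINT or parse_qs(target.query).get("act") != ["update"]:
        return None
    if m["referer"] in ("", "-"):
        return "no-referer"
    host = (urlsplit(m["referer"]).hostname or "").lower()
    return "same-origin" if host in trusted_hosts else "cross-origin"

def suspicious(lines, trusted_hosts=TRUSTED):
    """List (verdict, line) for update POSTs that did not come from the app's own pages."""
    verdicts = ((classify(line, trusted_hosts), line) for line in lines)
    return [(v, line) for v, line in verdicts if v in ("cross-origin", "no-referer")]

# Constructed sample log lines (documentation IP range, example hostnames).
_POST = f'"POST {ENDPOINT}?module=user&act=update HTTP/1.1" 302 0'
SAMPLE = [
    f'192.0.2.10 - - [29/May/2026:10:00:01 +0000] {_POST} "http://intranet.example/hape-pkh/admin/" "Mozilla/5.0"',
    f'192.0.2.10 - - [29/May/2026:10:02:17 +0000] {_POST} "http://other.example/page.html" "Mozilla/5.0"',
    f'192.0.2.10 - - [29/May/2026:10:02:40 +0000] {_POST} "-" "Mozilla/5.0"',
    f'192.0.2.10 - - [29/May/2026:10:03:00 +0000] "GET {ENDPOINT}?module=user&act=update HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in suspicious(SAMPLE):
        print(verdict, line.split()[0], line.split("[")[1].split("]")[0])
```

A `no-referer` hit is a lead rather than proof, since browsers and privacy settings can strip the header; correlate hits with the time of any unexpected admin password change.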
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper CSRF protections on the vulnerable endpoint to prevent unauthorized requests.
This can be done by adding anti-CSRF tokens to forms and validating them on the server side.
Additionally, restrict access to the `aksi_user.php` script by requiring authentication and proper authorization checks before allowing password changes.
As a temporary measure, monitor and block suspicious POST requests to the vulnerable endpoint at the network or web application firewall level.
Finally, update or patch the HaPe PKH application if an official fix is available.