CVE-2018-25391
Unauthenticated Record Deletion in HaPe PKH 1.1
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hape | pkh | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to delete arbitrary records, including administrator and update records, without authorization. This unauthorized deletion of data can lead to integrity issues and potential loss of critical information.
Such unauthorized data manipulation and lack of access control may violate compliance requirements in standards and regulations like GDPR and HIPAA, which mandate strict controls over data access, integrity, and protection against unauthorized modification or deletion.
Therefore, this vulnerability could negatively impact an organization's ability to comply with these regulations by failing to enforce proper authorization controls on sensitive data operations.
Can you explain this vulnerability to me?
HaPe PKH version 1.1 has a missing authorization vulnerability that allows unauthenticated attackers to delete arbitrary records.
Specifically, the deletion endpoints in the admin/modul/mod_pengurus/aksi_pengurus.php and admin/modul/mod_update/aksi_update.php files do not verify user privileges before processing deletion requests.
This means an attacker can send a crafted request specifying the target record's ID and delete records without any authentication.
- The vulnerability enables removal of administrator (pengurus) and update records.
How can this vulnerability impact me? :
This vulnerability can have a significant impact by allowing unauthorized deletion of important records.
- Attackers can delete administrator records, potentially disrupting administrative control.
- Attackers can delete update records, which may affect system integrity and maintenance.
Because no authentication or authorization is required, the system is vulnerable to malicious deletion attacks from any unauthenticated user.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized HTTP requests targeting the deletion endpoints admin/modul/mod_pengurus/aksi_pengurus.php and admin/modul/mod_update/aksi_update.php with parameters module=pengurus&act=hapus or module=update&act=hapus.
Specifically, you can look for HTTP requests that include crafted parameters specifying record IDs for deletion without proper authentication.
Example commands to detect such activity might include using network traffic analysis tools like tcpdump or tshark to filter HTTP requests to these endpoints.
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'module=pengurus&act=hapus'
- tcpdump -A -s 0 'tcp port 80' | grep 'module=update&act=hapus'
Alternatively, web server logs can be searched for requests to these endpoints with deletion parameters to identify potential exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable deletion endpoints by implementing proper authorization checks to verify user privileges before processing deletion requests.
If possible, restrict access to these endpoints to trusted IP addresses or authenticated users only.
Additionally, monitor and block suspicious requests attempting to delete records without proper authentication.
Applying patches or updates from the vendor that fix the missing authorization issue is recommended as a long-term solution.