CVE-2018-25409
Arbitrary File Upload in SIM-PKH 2.4.1
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: VulnCheck
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in SIM-PKH version 2.4.1 is an arbitrary file upload flaw that allows authenticated attackers to upload malicious PHP files to the server.
Attackers exploit a file upload form by submitting PHP code through the 'fupload' parameter at the 'aksi_pengurus.php' endpoint with 'module=pengurus' and 'act=update' parameters.
The uploaded PHP files are stored in the 'foto' directory and can be executed as web scripts, enabling attackers to run arbitrary code on the affected server.
How can this vulnerability impact me?
This vulnerability can lead to remote code execution on the affected server, allowing attackers to execute arbitrary commands or scripts.
Such unauthorized access can compromise the integrity, confidentiality, and availability of the system and its data.
Attackers could potentially use this access to steal sensitive information, disrupt services, or further penetrate the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of uploaded PHP files in the /foto/ directory that should not normally contain executable scripts.
You can also monitor HTTP POST requests to the endpoint /admin/modul/mod_pengurus/aksi_pengurus.php with parameters module=pengurus and act=update, especially those containing the 'fupload' parameter.
Suggested commands to detect potential exploitation include:
- Using find to locate PHP files in the foto directory: `find /path/to/foto -name '*.php'`
- Checking web server access logs for POST requests to the vulnerable endpoint: `grep 'POST /admin/modul/mod_pengurus/aksi_pengurus.php' /var/log/apache2/access.log`
- Using curl to test upload functionality (requires authentication): `curl -X POST -F 'fupload=@<test-file>' 'http://target/admin/modul/mod_pengurus/aksi_pengurus.php?module=pengurus&act=update'`
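The two log checks above can be combined: a POST to the upload endpoint is normal for administrators editing a photo, but a script served with status 200 from /foto/ is not, and the same client doing both is the strongest signal. The following is an added example, not code from SIM-PKH or from the advisory; it assumes Apache combined log format, an assumed list of PHP-handled extensions, and constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" access-log line: client, timestamp, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
UPLOAD_PATH = "/admin/modul/mod_pengurus/aksi_pengurus.php"  # endpoint named above
# Extensions commonly mapped to the PHP handler (assumed list; match your server config).
SCRIPT_RE = re.compile(r"/foto/[^/]+\.(?:php\d?|phtml|phar)$", re.IGNORECASE)

def correlate(lines):
    """Return (uploads, script_hits, correlated_clients) from access-log lines."""
    uploads, script_hits, uploaders, correlated = [], [], set(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, method, url, status = m.groups()
        parts = urlsplit(url)
        path = unquote(parts.path)  # decode %xx so encoded extensions are still seen
        query = parse_qs(parts.query)
        if (method == "POST" and path.endswith(UPLOAD_PATH)
                and query.get("module") == ["pengurus"]
                and query.get("act") == ["update"]):
            uploads.append((client, ts))
            uploaders.add(client)
        elif SCRIPT_RE.search(path) and status == "200":
            # A script under /foto/ answered with 200: it exists and was served.
            script_hits.append((client, ts, path))
            if client in uploaders:
                correlated.add(client)
    return uploads, script_hits, sorted(correlated)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2026:10:00:01 +0000] "POST /admin/modul/mod_pengurus/'
    'aksi_pengurus.php?module=pengurus&act=update HTTP/1.1" 302 -',
    '192.0.2.10 - - [30/May/2026:10:00:09 +0000] "GET /foto/example.php HTTP/1.1" 200 15',
    '198.51.100.7 - - [30/May/2026:10:02:00 +0000] "POST /admin/modul/mod_pengurus/'
    'aksi_pengurus.php?module=pengurus&act=update HTTP/1.1" 302 -',
    '198.51.100.7 - - [30/May/2026:10:02:03 +0000] "GET /foto/ketua.jpg HTTP/1.1" 200 48211',
]

if __name__ == "__main__":
    uploads, hits, clients = correlate(SAMPLE_LOG)
    print(f"{len(uploads)} upload POSTs, {len(hits)} script hits under /foto/")
    print("clients that uploaded and then fetched a script:", clients)
```

Treat every entry in `script_hits` as worth investigating even when the client is not in the correlated list, since the request may come from a different address than the upload.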
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint to trusted users only, as the vulnerability requires authentication.
Disable or restrict file uploads via the 'fupload' parameter if possible.
Implement strict validation and sanitization of uploaded files to prevent uploading executable PHP scripts.
Remove any suspicious PHP files found in the /foto/ directory.
Apply any available patches or updates from the software vendor addressing this vulnerability.
Monitor logs for suspicious activity related to the vulnerable endpoint.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers to upload and execute malicious PHP files on the affected server, leading to potential remote code execution.
Such unauthorized access and execution of malicious code can compromise the confidentiality, integrity, and availability of sensitive data.
This poses a significant risk to compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and breaches.