CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•5 views

CVE-2018-25386

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS0.00068EPSS

NVD•added 6 days ago•4 views

CVE-2018-25387

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS0.00019EPSS

Cvelist•added 6 days ago•22 views

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

8.7CVSS0.00034EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

8.7CVSS5.9AI score0.00034EPSS

CVE•added 6 days ago•8 views

CVE-2018-25391

HaPe PKH 1.1 contains an authorization flaw in its record deletion endpoints. The admin/modul/mod_pengurus/aksi_pengurus.php (module=pengurus&act=hapus) and admin/modul/mod_update/aksi_update.php (module=update&act=hapus) delete records without verifying the requester’s privileges, allowing unaut...

8.7CVSS5.9AI score0.00034EPSS

Cvelist•added 6 days ago•21 views

CVE-2018-25389 HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'namakelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to...

8.8CVSS0.00065EPSS

Vulnrichment•added 6 days ago•3 views

CVE-2018-25390 HaPe PKH 1.1 SQL Injection via desa Parameter

Vulnrichment•added 6 days ago•3 views

CVE-2018-25389 HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter

CVE•added 6 days ago•10 views

CVE-2018-25389

HaPe PKH 1.1 is affected by an SQL injection vulnerability in the nama_kelompok POST parameter used by lap-anggota-kelompok-pdf.php. The vulnerability allows unauthenticated attackers to manipulate database queries, and a crafted time-based blind payload could be used to infer and extract sensiti...

Vulnrichment•added 6 days ago•4 views

CVE-2018-25388 HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS6.3AI score0.0006EPSS

Cvelist•added 6 days ago•21 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

6.9CVSS0.00019EPSS

Cvelist•added 6 days ago•22 views

CVE-2018-25386 HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php

8.8CVSS0.00068EPSS

Vulnrichment•added 6 days ago•5 views

CVE-2018-25386 HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php

8.8CVSS5.9AI score0.00068EPSS

CNNVD•added 6 days ago•4 views

Sitejo HaPe PKH 跨站请求伪造漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow attacker...

6.9CVSS5.7AI score0.00019EPSS

CNNVD•added 6 days ago•4 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the desa POST parameter, allowing unauthenticated attacke...

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-11920 Malicious code in @zalastax/nolb-hape (npm)

The package @zalastax/nolb-hape was found to contain malicious code...

7.2AI score

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•1 views

Malicious code in @zalastax/nolb-hape (npm)

The package @zalastax/nolb-hape was found to contain malicious code...

7AI score

Packet Storm•added 2018/10/12 12:0 a.m.•24 views

HaPe PKH 1.1 SQL Injection

Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC...

0.2AI score

0day.today•added 2018/10/12 12:0 a.m.•24 views

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for perl platform in category web applications Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category:...

0.2AI score