PT-2026-45110

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

CVE-2018-25386 HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

CVE-2018-25386

HaPe PKH 1.1 is affected by SQL injection in admin/media.php via the 'id' parameter. The vulnerability allows an unauthenticated attacker to target desa (module=desa&act=hapus), while authenticated users can hit pengurus, fasilitas, and kelompok modules (e.g., act=print, act=editpengurus, act=edi...

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...