CVE-2018-25409 in SIM-PKHinfo

Summary

by MITRE • 05/30/2026

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

05/30/2026

Disclosure

05/30/2026

Moderation

accepted

Entry

VDB-367433

CPE

ready

CWE

CWE-434 (confirmed)

Exploit

Download

CVSS

8.8 (CNA)

EPSS

0.00043

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-25409
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-25409
CVE Details	https://www.cvedetails.com/cve/CVE-2018-25409/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!