CVE-2018-25409

Name of the Vulnerable Software and Affected Versions SIM-PKH version 2.4.1

Description An arbitrary file upload issue allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. This is possible via the 'aksi pengurus.php' endpoint when using the module=pengurus and act=update parameters. The uploaded PHP files are stored in the 'foto' directory and can be executed as web scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.