โ† Back to Dashboard

CVE-2018-25410

HIGH NVD
CVSS Score
7.1
Severity
HIGH
Source
NVD
Published
May 30, 2026
Description

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQL UNION statements to extract database information including usernames, database names, and version details.

View Full Details โ† Back