What is GHSA-j699-2v84-mrr9?

GHSA-j699-2v84-mrr9 is a security advisory published by GitHub Security Advisories with High severity. SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers...

Which CVE IDs does GHSA-j699-2v84-mrr9 cover?

GHSA-j699-2v84-mrr9 covers the following CVE IDs: CVE-2018-25409. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-j699-2v84-mrr9?

GHSA-j699-2v84-mrr9 has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-j699-2v84-mrr9HighCVSS 8.8

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers...

Vendor

GitHub Security Advisories

Published

May 30, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2018-25409 →

📋 Description

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which are stored in the foto directory and executed as web scripts.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25409
https://simpkh.sourceforge.io
https://sourceforge.net/projects/simpkh/files/latest/download
https://www.exploit-db.com/exploits/45659
https://www.vulncheck.com/advisories/sim-pkh-arbitrary-file-upload-via-aksi-pengurus-php
https://github.com/advisories/GHSA-j699-2v84-mrr9