What is GHSA-vrwp-pc3f-v22w?

GHSA-vrwp-pc3f-v22w is a security advisory published by GitHub Security Advisories with High severity. HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers...

Which CVE IDs does GHSA-vrwp-pc3f-v22w cover?

GHSA-vrwp-pc3f-v22w covers the following CVE IDs: CVE-2018-25388. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vrwp-pc3f-v22w?

GHSA-vrwp-pc3f-v22w has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-vrwp-pc3f-v22wHighCVSS 8.8

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2018-25388 →

📋 Description

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25388
https://sourceforge.net/projects/hape-pkh/files/latest/download
https://www.exploit-db.com/exploits/45593
https://www.vulncheck.com/advisories/hape-pkh-arbitrary-file-upload-via-aksi-foto-php
http://www.sitejo.id
https://github.com/advisories/GHSA-vrwp-pc3f-v22w