Product
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability (CVE-2018-25409) that allows authenticated attackers to upload malicious PHP files via the fupload parameter through the aksi_pengurus.php endpoint, leading to remote code execution.