{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/sim-pkh/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25410"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SIM-PKH 2.4.1"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve","web-application"],"_cs_type":"threat","_cs_vendors":["SIM-PKH"],"content_html":"\u003cp\u003eSIM-PKH 2.4.1 is susceptible to SQL injection vulnerability (CVE-2018-25410). An authenticated attacker can exploit this vulnerability by injecting malicious SQL code into the \u0026lsquo;id\u0026rsquo; parameter of a GET request. The vulnerability exists in the \u003ccode\u003e/admin/media.php\u003c/code\u003e endpoint, specifically when the \u003ccode\u003emodule\u003c/code\u003e parameter is set to \u003ccode\u003epengurus\u003c/code\u003e and the \u003ccode\u003eact\u003c/code\u003e parameter is set to \u003ccode\u003eeditpengurus\u003c/code\u003e. A successful exploit enables the attacker to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including usernames, database names, and version details. This vulnerability poses a significant risk to the confidentiality and integrity of the SIM-PKH application and its underlying database.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the SIM-PKH application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious GET request targeting \u003ccode\u003e/admin/media.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sets the \u003ccode\u003emodule\u003c/code\u003e parameter to \u003ccode\u003epengurus\u003c/code\u003e and the \u003ccode\u003eact\u003c/code\u003e parameter to \u003ccode\u003eeditpengurus\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious SQL code into the \u003ccode\u003eid\u003c/code\u003e parameter, using SQL UNION statements.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted GET request to the server.\u003c/li\u003e\n\u003cli\u003eThe server processes the request and executes the injected SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the injected SQL query to the server.\u003c/li\u003e\n\u003cli\u003eThe server displays the extracted database information, including usernames, database names, and version details, to the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25410) in SIM-PKH 2.4.1 allows an attacker to extract sensitive information from the database. This may include usernames, passwords, database names, version details, and other confidential data. The compromise of this information can lead to unauthorized access, data breaches, and further attacks against the application and its users. The CVSS v3.1 base score for this vulnerability is 7.1, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of SIM-PKH to remediate CVE-2018-25410.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2018-25410 Exploitation Attempt — SIM-PKH SQL Injection\u0026rdquo; to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eReview and harden database access controls to limit the impact of potential SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:19:04Z","date_published":"2026-05-30T16:19:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-sim-pkh-sql-injection/","summary":"SIM-PKH version 2.4.1 is vulnerable to SQL injection (CVE-2018-25410), allowing an authenticated attacker to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter via a crafted GET request, potentially leading to database information disclosure.","title":"SIM-PKH 2.4.1 SQL Injection Vulnerability (CVE-2018-25410)","url":"https://feed.craftedsignal.io/briefs/2026-05-sim-pkh-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — SIM-PKH","version":"https://jsonfeed.org/version/1.1"}