exploitDog

GHSA-5rh8-jvhv-9fc6

Опубликовано: 16 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.3

CVSS3: 9.8

Описание

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

Ссылки

EPSS

Процентиль: 80%

0.01393

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2025-34184

CVSS3: 9.8

nvd

5 месяцев назад

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

EPSS

Процентиль: 80%

0.01393

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78