CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 2026/06/16 7:13 a.m.•49 views

Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

10CVSS9AI score0.87987EPSS

Exploits8References5

RedhatCVE•added 2026/01/07 9:17 a.m.•4 views

CVE-2025-1035

RedhatCVE•added 2025/05/22 9:29 p.m.•9 views

Exploits0References1

CVE-2021-3317

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shellexec on the original value of the source parameter...

8.8CVSS7.2AI score0.41394EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 5:10 p.m.•9 views

CVE-2020-35729

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...

10CVSS7.3AI score0.87987EPSS

ATTACKERKB•added 2025/02/18 12:15 p.m.•5 views

CVE-2025-1035

NVD•added 2025/02/18 12:15 p.m.•13 views

Exploits0References5

CVE-2025-1035

5.7CVSS0.09755EPSS

Cvelist•added 2025/02/18 11:30 a.m.•15 views

CVE-2025-1035 Path Traversal in Komtera Technolgies' KLog Server

5.7CVSS0.09755EPSS

CVE•added 2025/02/18 11:30 a.m.•130 views

CVE-2025-1035

The CVE-2025-1035 entry concerns Komtera Technolgies KLog Server with a Path Traversal vulnerability (versions prior to 3.1.1). The issue arises from improper limitation of a pathname to a restricted directory, allowing manipulation of web input to file system calls. Impact is described as potent...

Vulnrichment•added 2025/02/18 11:30 a.m.•7 views

CVE-2025-1035 Path Traversal in Komtera Technolgies' KLog Server

Positive Technologies•added 2025/02/18 12:0 a.m.•10 views

PT-2025-6822

Name of the Vulnerable Software and Affected Versions Komtera Technolgies KLog Server versions prior to 3.1.1 Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This allows for manipulating web input to make calls to...

GithubExploit•added 2021/04/09 7:59 a.m.•166 views

Exploits0References7

Exploit for OS Command Injection in Klogserver Klog_Server

Information py Exploit Title: Klog Server 2.4.1 - Command...

10CVSS9.7AI score0.87987EPSS

GithubExploit•added 2021/04/09 7:36 a.m.•102 views

Exploit for OS Command Injection in Klogserver Klog_Server

Information Exploit Title: Klog Server 2.4.1 - Command Inject...

8.8CVSS9AI score0.41394EPSS

Exploits3

0day.today•added 2021/02/15 12:0 a.m.•75 views

Klog Server 2.4.1 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command executio...

10CVSS0.5AI score0.87987EPSS

Packet Storm•added 2021/02/15 12:0 a.m.•182 views

Klog Server 2.4.1 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server authenticate.php user Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injectio...

10CVSS0.1AI score0.87987EPSS

Metasploit•added 2021/02/13 5:42 p.m.•87 views

Klog Server authenticate.php user Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the...

10CVSS9.9AI score0.87987EPSS