4 matches found
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36846
creationtimestamp| type| source ---|---|--- 2025-07-22 00:44:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lujbmpibrm2o 2025-07-22 03:54:24+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071 2025-09-09 11:53:39+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36846
CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...