Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/07/23 12:57 a.m.9 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS7.3AI score0.04732EPSS
Exploits2References1
circl
circl
added 2025/07/22 12:44 a.m.14 views

CVE-2025-36846

creationtimestamp| type| source ---|---|--- 2025-07-22 00:44:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lujbmpibrm2o 2025-07-22 03:54:24+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071 2025-09-09 11:53:39+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071...

9.8CVSS5.8AI score0.04732EPSS
Exploits1References1
nvd
nvd
added 2025/07/21 6:15 p.m.11 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS0.04732EPSS
Exploits1References2
cve
cve
added 2025/07/21 12:0 a.m.35 views

CVE-2025-36846

CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...

9.8CVSS7.2AI score0.04732EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder