4 matches found
CVE-2025-44658
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them ...
CVE-2025-44658
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them ...
PT-2025-30295 · NetGear · Netgear Rax30
Name of the Vulnerable Software and Affected Versions: Netgear RAX30 version 1.0.10.94 Description: A PHP-FPM misconfiguration vulnerability exists due to not restricting PHP-FPM to only handle .php extensions. An attacker can exploit this by uploading malicious scripts with alternate extensions...
CVE-2025-44658
Netgear RAX30 appears affected (version V1.0.10.94). The issue is a PHP-FPM misconfiguration that fails to limit PHP-FPM to .php extensions, allowing uploaded scripts with alternate extensions to be executed as PHP. Consequences described include remote code execution, information disclosure, or ...