sar2html <=3.2.2 Plot Parameter - Remote Code Execution

sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands. id: CVE-2025-34030 info: name: sar2html...

EUVD-2025-18774

Malicious code in bioql PyPI...

Exploit for CVE-2025-34030

CVE-2025-34030 - sar2html 'plot' parameter RCE CVSS: 10.0 Cri...

The vulnerability of the index.php script used by the sar2html system statistics visualization tool allows a perpetrator to execute arbitrary commands.

The vulnerability of the index.php script used by the sar2html system statistics visualization tool is related to insufficient validation of input data during the processing of the plot parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34030 sar2html OS Command Injection

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34030 sar2html OS Command Injection

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34030

CVE-2025-34030 affects sar2html, versions up to 3.2.2 and earlier. The root cause is improper sanitization of the user-supplied input in the plot parameter of index.php, which is used in a system-level context. This leads to an OS command injection vulnerability that remote, unauthenticated attac...

VulnCheck KEV: CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to...

sar2html 安全漏洞

sar2html is an icon generation software by cemtan individual developer. A security vulnerability exists in sar2html 3.2.2 and earlier versions, which stems from not cleaning up the plot parameter and could lead to an OS command injection attack...

sar2html 3.2.1 - &#039;plot&#039; Remote Code Execution

Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution Date: 27-12-2020 Exploit Author: Musyoka Ian Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Ubuntu 18.04.1 !/usr/bin/env python3 import requests...

Sar2HTML 3.2.1 - Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: sar2html Remote Code Execution Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application y...

Sar2HTML 3.2.1 - Remote Command Execution

Sar2HTML 3.2.1 - Remote Command Execution Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web...

Sar2HTML 3.2.1 Remote Command Execution

Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application you will see index.php?plot url...

PT-2025-26462

Name of the Vulnerable Software and Affected Versions sar2html versions 3.2.2 and prior Description An OS command injection vulnerability exists due to insufficient input validation when processing the plot parameter in the index.php file. Remote, unauthenticated attackers can inject shell comman...