16 matches found

Nuclei
added yesterday, 8 views

sar2html <=3.2.2 Plot Parameter - Remote Code Execution

sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands. id: CVE-2025-34030 info: name: sar2html...

CVSS 10 | AI score 6 | EPSS 0.11545
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-18774

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.11545
Exploits: 1 | References: 4

GithubExploit
added 2025/08/26 1:8 a.m., 232 views

Exploit for CVE-2025-34030

CVE-2025-34030 - sar2html 'plot' parameter RCE CVSS: 10.0 Cri...

CVSS 10 | AI score 6.7 | EPSS 0.11545
Exploits: 1

RedhatCVE
added 2025/06/23 8:39 a.m., 2 views

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | AI score 7.9 | EPSS 0.11545
Exploits: 1 | References: 1

NVD
added 2025/06/20 7:15 p.m., 5 views

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | EPSS 0.11545
Exploits: 1 | References: 4

OSV
added 2025/06/20 7:15 p.m., 0 views

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | AI score 6 | EPSS 0.11545
Exploits: 1 | References: 4

Cvelist
added 2025/06/20 6:40 p.m., 10 views

CVE-2025-34030 sar2html OS Command Injection

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | EPSS 0.11545
Exploits: 1 | References: 4

Vulnrichment
added 2025/06/20 6:40 p.m., 8 views

CVE-2025-34030 sar2html OS Command Injection

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | AI score 7.5 | EPSS 0.11545
Exploits: 1 | References: 4

CVE
added 2025/06/20 6:40 p.m., 31 views

CVE-2025-34030

CVE-2025-34030 affects sar2html versions 3.2.2 and earlier. The root cause is improper sanitization of the user-supplied input in the plot parameter of index.php, which is used in a system-level context. This leads to an OS command injection vulnerability that remote, unauthenticated attac...

CVSS 10 | AI score 7.5 | EPSS 0.11545
In wild | Exploits: 1 | References: 4

VulnCheck KEV
added 2025/06/20 12:0 a.m., 1 views

VulnCheck KEV: CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to...

CVSS 10 | AI score 5.8 | EPSS 0.11545
Exploits: 1 | References: 1

CNNVD
added 2025/06/20 12:0 a.m., 1 views

sar2html Security Vulnerability

sar2html is icon generation software by the individual developer cemtan. A security vulnerability exists in sar2html 3.2.2 and earlier versions, which stems from the plot parameter not being sanitized and could lead to an OS command injection attack...

CVSS 10 | AI score 7.1 | EPSS 0.11545
Exploits: 1 | References: 5

Exploit DB
added 2021/01/04 12:0 a.m., 299 views

sar2html 3.2.1 - 'plot' Remote Code Execution

Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution Date: 27-12-2020 Exploit Author: Musyoka Ian Vendor Homepage: https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Ubuntu 18.04.1 #!/usr/bin/env python3 import requests...

AI score 7.4
Exploits: 0

0day.today
added 2019/08/02 12:0 a.m., 822 views

Sar2HTML 3.2.1 - Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: sar2html Remote Code Execution Exploit Author: Furkan KAYAPINAR Vendor Homepage: https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application y...

AI score 7.4
Exploits: 0

exploitpack
added 2019/08/02 12:0 a.m., 33 views

Sar2HTML 3.2.1 - Remote Command Execution

Sar2HTML 3.2.1 - Remote Command Execution Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage: https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web...

AI score 7.7
Exploits: 0

Packet Storm
added 2019/08/02 12:0 a.m., 336 views

Sar2HTML 3.2.1 Remote Command Execution

Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage: https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application you will see index.php?plot url...

AI score 7.4
Exploits: 0

Positive Technologies
added 2019/08/01 12:0 a.m., 3 views

PT-2025-26462

Name of the Vulnerable Software and Affected Versions: sar2html versions 3.2.2 and prior Description: An OS command injection vulnerability exists due to insufficient input validation when processing the plot parameter in the index.php file. The application does not sanitize user-supplied input...

CVSS 10 | AI score 7.2 | EPSS 0.11545
Exploits: 1 | References: 14