CVE-2019-25441

Critical CVSS: 9.3

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.

Vendor

Kostasmitroglou

Product

Thesystem

CWE

CWE-78

Yayın Tarihi

2026-02-20 23:16:00

Güncelleme

2026-03-12 16:12:14

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Thesystem CRITICAL Kostasmitroglou 2026

Referanslar

https://github.com/kostasmitroglou/thesystem https://www.exploit-db.com/exploits/47441 https://www.vulncheck.com/advisories/thesystem-command-injection-via-runcommand-endpoint

Benzer Kayıtlar

High

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the…

High

CVE-2019-25347

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating…

Medium

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious…