CVE-2025-26845

Critical CVSS: 9.8

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.

Vendor

Znuny

Product

Znuny

CWE

CWE-94

Yayın Tarihi

2025-05-08 17:16:01

Güncelleme

2025-05-16 15:39:14

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Znuny CRITICAL Znuny 2025

Referanslar

https://www.znuny.com https://www.znuny.org/en/advisories/zsa-2025-03

Benzer Kayıtlar

Critical

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to…

High

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Medium

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateA…

High

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-ma…

Critical

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.