CVE-2025-30091

Critical CVSS: 9.4

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.

Vendor

Product

CWE

CWE-96

Yayın Tarihi

2025-03-25 14:15:32

Güncelleme

2025-03-27 16:45:46

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-96 CRITICAL 2025

Referanslar

https://www.moxiemanager.com/changelog/ https://www.moxiemanager.com/documentation/SEC-1063.php