CVE-2025-30091

CRITICAL Year: 2025

Vulnerability Description

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.

CVSS: 10.0 (Critical)

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code int...

CWE-96 2020
CVSS: 10.0 (Critical)

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code int...

CWE-96 2020
CVSS: 9.8 (Critical)

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CWE-96 2023
CVSS: 9.8 (Critical)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion. This issue affects Opigno module: from 0....

CWE-96 2024
CVSS: 8.8 (High)

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

CWE-96 2015
CVSS: 8.8 (High)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prp...

CWE-96 2022