CVE-2025-5126 | FLIR AX8 up to 1.46.16 settingsregional.php setDataTime year/month/day/hour/minute command injection

Inserito da Angelo Barbosa | Mag 23, 2025 | CVE

A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file usrwwwapplicationmodelssettingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection.

This vulnerability was named CVE-2025-5126. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5126 | FLIR AX8 up to 1.46.16 settingsregional.php setDataTime year/month/day/hour/minute command injection

Post correlati

CVE-2024-33498 | Siemens SIMATIC RTLS Locating Manager up to 3.0.1.0 resource consumption (ssa-093430)

CVE-2024-29473 | OneBlog 2.3.4 Role Management cross site scripting

CVE-2024-25285 | Redsys 3DSecure 2.0 threeDSMethodNotificationURL cross site scripting

CVE-2023-6740 | Checkmk up to 2.0.0p38/2.1.0p36/2.2.0p16 jar_signature Agent Plugin uncontrolled search path