A vulnerability was found in VITEC Flamingo 4.12.2. It has been classified as very critical. Affected by this vulnerability is the function escapeshellarg/shell_exec of the file admin/ajax/ping.php of the component Admin AJAX Endpoint. This manipulation of the argument host causes os command injection.

This vulnerability appears as CVE-2026-60121. The attack may be initiated remotely. There is no available exploit.