A vulnerability was found in VITEC Flamingo 4.12.2. It has been declared as very critical. Affected by this issue is the function passthru of the file admin/ajax/gen_graphs.php of the component Graph Generation. Such manipulation of the argument start/end/key/format leads to os command injection.

This vulnerability is traded as CVE-2026-61498. The attack may be launched remotely. There is no exploit available.