CVE-2025-5126 | FLIR AX8 up to 1.46.16 settingsregional.php setDataTime year/month/day/hour/minute command injection

Inserito da Angelo Barbosa | Mag 23, 2025 | CVE

A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file usrwwwapplicationmodelssettingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection.

This vulnerability was named CVE-2025-5126. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5126 | FLIR AX8 up to 1.46.16 settingsregional.php setDataTime year/month/day/hour/minute command injection

Post correlati

CVE-2024-36236 | Adobe Experience Manager up to 6.5.20 Link cross site scripting (apsb24-28)

CVE-2022-48685 | Logpoint up to 7.1.1 clean_secbi_old_logs Local Privilege Escalation

CVE-2023-52947 | Synology Active Backup for Business Agent prior 2.7.0-3221 logout missing authentication (SA_24_11)

CVE-2024-57429 | PHPJabbers Cinema Booking System 2.0 pjActionUpdate cross-site request forgery