CVE-2025-67888 | Control Web Panel up to 0.9.8.1208 GET Parameter admin/index.php key os command injection

A vulnerability was found in Control Web Panel up to 0.9.8.1208. It has been declared as critical. Impacted is an unknown function of the file admin/index.php of the component GET Parameter Handler. Such manipulation of the argument key leads to os command injection.

This vulnerability is traded as CVE-2025-67888. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

CVE-2025-67888 | Control Web Panel up to 0.9.8.1208 GET Parameter admin/index.php key os command injection

Post correlati

CVE-2024-45755 | Centreon centreon-dsm-server up to 22.10.1/23.04.2/23.10.0/24.04.2 Slot sql injection

CVE-2023-24330 | D-Link DIR-882 FW130B06 POST Request /HNAP1/ command injection

CVE-2024-10837 | SysBasics Customize My Account for WooCommerce Plugin up to 2.7.29 on WordPress tab cross site scripting

CVE-2024-33691 | OptinMonster Popup Builder Team OptinMonster Plugin up to 2.15.3 on WordPress cross-site request forgery