CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection

A vulnerability, which was classified as critical, has been found in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection.

This vulnerability was named CVE-2026-2944. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection

Post correlati

CVE-2024-54557 | Apple macOS up to 13.6/14.6/15.1 Restrictions access control

CVE-2025-45150 | LangChain-ChatGLM-Webui ef829 permission

CVE-2025-47597 | Maulik Vora WP Podcasts Manager Plugin up to 1.2 on WordPress cross-site request forgery

CVE-2024-1949 | Mattermost up to 8.1.8/9.4.1 Post Creation information disclosure