CVE-2025-0328 | KaiYuanTong ECT Platform up to 2.0.0 HTTP POST Request runCode.php code command injection

A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection.

This vulnerability is handled as CVE-2025-0328. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0328 | KaiYuanTong ECT Platform up to 2.0.0 HTTP POST Request runCode.php code command injection

Related Posts

CVE-2024-22122 | Zabbix Server up to 5.0.42/6.0.30/6.4.15/7.0.0rc2 SMS Notification Number command injection

CVE-2024-10702 | code-projects Simple Car Rental System 1.0 /signup.php fname sql injection

CVE-2024-5746 | GitHub Enterprise Server up to 3.9.15/3.10.12/3.11.10/3.12.4 server-side request forgery

CVE-2025-0347 | code-projects Admission Management System 1.0 Login index.php u_id sql injection