Vulnerabilities

CVE-2025-34184

by Fred · 16/09/2025

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the ‘passwd’ HTTP POST parameter, leading to full system compromise or denial of service.

More information : https://packetstorm.news/files/id/207717/

Similar

Tags: Cybersecurity Alert