1 results (0.006 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30091
https://notcve.org/view.php?id=CVE-2025-30091
25 Mar 2025 — In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed. • https://www.moxiemanager.com/changelog • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •