CVE-2019-25441
CRITICAL 9.8
Description
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/20/2026
Last modified: 3/12/2026
Source: nvd
Honeypot sightings: 0
Affected products
kostasmitroglou:thesystem
Weaknesses (CWE)
CWE-78
References
https://github.com/kostasmitroglou/thesystem (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47441 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/thesystem-command-injection-via-runcommand-endpoint (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.