Key Information

Vulnerability Overview
Vulnerability Type: Arbitrary PHP Code Execution (requires admin privileges)
CVE ID: CVE-2025-62429
CVSS Score: 7.2/10 (High)

Affected Versions
Affected Versions: = 5.5.2 - #147

Description
In the file , the "type" parameter from the POST request is embedded within PHP tags and executed. Because the value is not sufficiently sanitized, an attacker can inject and execute arbitrary PHP code, leading to Remote Code Execution (RCE).

Details
Attackers require admin privileges. An attacker who holds the admin's PHPSESSID can use curl to execute shell commands, for example:

Result: The shell command is executed on the PHP server, and the file is created on the web server.

Cause
The application constructs a string containing PHP tags in the variable without properly sanitizing , which is then executed via . Since the client can freely set the "type" parameter, the server must validate it before use.

Impact
Attackers can inject arbitrary PHP code, enabling Remote Code Execution (RCE).

Weakness
CWE-94: Improper Input Validation and Sanitization

Reporter and Coordinator
Reporter: Takumi142857
Coordinator: satoki
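As an added illustration (not code from the affected project; the file, function and variable names and the set of allowed types are assumptions, since the advisory does not name them), the pattern described above beside a hardened form that treats the parameter as data and never hands it to the interpreter:

```php
<?php
// Added example, not the affected project's code. handle_type_vulnerable(),
// handle_type_safe() and ALLOWED_TYPES are hypothetical names.

// Vulnerable pattern described in the advisory: the POST "type" value is
// interpolated into a string of PHP source and executed, so whatever the
// client sends in that parameter runs as PHP on the server.
function handle_type_vulnerable(array $post): void
{
    $type = $post['type'] ?? '';
    $code = '<?php $selected = "' . $type . '"; ?>';
    eval('?>' . $code); // attacker-controlled input reaches eval()
}

// Hardened form: the value is checked against a fixed allowlist and then used
// only as a lookup key; no PHP source is ever built from it. The admin session
// check stays in place, but it is not a substitute for this validation.
const ALLOWED_TYPES = ['image', 'file', 'text']; // assumed set of valid types

function handle_type_safe(array $post): string
{
    $type = $post['type'] ?? '';
    if (!is_string($type) || !in_array($type, ALLOWED_TYPES, true)) {
        http_response_code(400);
        throw new InvalidArgumentException('invalid "type" parameter');
    }
    // Dispatch on the validated value through a static map instead of code.
    $handlers = [
        'image' => static fn(): string => 'image handler',
        'file'  => static fn(): string => 'file handler',
        'text'  => static fn(): string => 'text handler',
    ];
    return $handlers[$type]();
}
```

The strict `in_array(..., true)` comparison and the fixed key map mean a value such as `file"; system(...); //` is rejected outright rather than reaching any code path that could interpret it.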