CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

May 22, 2025

CVE ID : CVE-2025-3883

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3885 – Harman Becker MGU21 Bluetooth Denial-of-Service Vulnerability

Next Article CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Highlights

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

April 25, 2025

CVE ID : CVE-2025-3868

Published : April 25, 2025, 7:15 a.m. | 14 minutes ago

Description : The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘menuObject’ parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

Google Pixel 10 Pro vs. iPhone 16 Pro: I’ve used both handsets, and there’s a clear winner

Master these 48 Windows keyboard shortcuts and finish work early

Why the Pixel 10 is making this longtime iPhone user reconsider their next phone

Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7: I compared both Androids, and here’s the winner

PERFIXION 2025: Powering AI Ideas

PERFIXION 2025: Powering AI Ideas

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Reports say Windows 11 update is bricking drives — is yours on the list?

Razer finally remembered I don’t live in China, so now we can all get this cool Gengar gaming headset

CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days

CVE-2024-13916 – Kruger&Matz com.pri.applock Fingerprint PIN Code Exfiltration

How to Upgrade to Ubuntu 25.04 ‘Plucky Puffin’

This $1,200 PTZ camera is a glorified webcam, but it gave my creator workflow a big boost

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

CVE-2025-47757 – Adobe VSFT Out-of-Bounds Read Vulnerability

CVE-2025-6104 – Wifi-soft UniBox Controller Os Command Injection Vulnerability

CVE-2025-4367 – WordPress Download Manager Stored Cross-Site Scripting Vulnerability

CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

Related Posts