CVE-2025-5145 – Netcore Query String Handler Remote Command Injection Vulnerability

May 25, 2025

CVE ID : CVE-2025-5145

Published : May 25, 2025, 6:15 a.m. | 2 hours, 40 minutes ago

Description : A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5146 – Netcore Routerd HTTP Header Handler Command Injection Vulnerability

Next Article La rivoluzione architetturale di AerynOS: Non solo una distribuzione GNU/Linux

Highlights

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

July 16, 2025

CVE ID : CVE-2025-34121

Published : July 16, 2025, 9:15 p.m. | 5 hours, 47 minutes ago

Description : An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Graph CLI to be retired

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Spec-driven development with AI: Get started with a new open source toolkit

Should the CSS light-dark() Function Support More Than Light and Dark Values?

A Behind-the-Scenes Look at the New Jitter Website

The Modern Job Hunt: Part 1

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

How to Open Ports in Firewall on Windows Server

Google TV Remote Not Working? 5 Quick Fixes

CVE-2025-5145 – Netcore Query String Handler Remote Command Injection Vulnerability

CVE-2025-2414 – Akinsoft OctoCloud Authentication Bypass

CVE-2025-46810 – Traefik2 openSUSE Tumbleweed Symlink Following Root Escalation

Elden Ring Nightreign: How to unlock the Duchess

CVE-2025-52913 – Mitel MiCollab NuPoint Unified Messaging Path Traversal Vulnerability

CVE-2025-58068 – Eventlet HTTP Request Smuggling Vulnerability

Affordable 4o Image API for Fast Image Generation

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

Can’t Find a Tax Accountant? Here’s Why and What To Do Next

How to share your location on Android quickly – via text or Google Maps

CVE-2025-49739 – Visual Studio Link Following Privilege Escalation Vulnerability

CVE-2025-5145 – Netcore Query String Handler Remote Command Injection Vulnerability

Related Posts