CVE-2025-34030 – Apache sar2html OS Command Injection Vulnerability

June 20, 2025

CVE ID : CVE-2025-34030

Published : June 20, 2025, 7:15 p.m. | 3 hours, 14 minutes ago

Description : An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application’s interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6360 – Simple Pizza Ordering System SQL Injection

Next Article CVE-2025-6359 – Code-projects Simple Pizza Ordering System SQL Injection Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-34030 – Apache sar2html OS Command Injection Vulnerability

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

xfce4-dict – client program to query dictionaries

CVE-2025-22377 – Samsung Exynos Heap-based Out-of-Bounds Write Vulnerability

CVE-2025-41438 – “CS5000 Fire Panel Default Account Privilege Escalation”

8 Best Free and Open Source Linux Personal Information Managers

CVE-2023-41839 – Apache Struts Unvalidated Redirect to Malicious Site

NativePHP for Mobile v1 — Launching May 2

CVE-2025-32408 – Soffid Console Java Deserialization Remote Code Execution

2023: A Year of Groundbreaking Advances in AI and Computing

CVE-2025-34030 – Apache sar2html OS Command Injection Vulnerability

Related Posts