Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      AI and its impact on the developer experience, or ‘where is the joy?’

      July 23, 2025

      Google launches OSS Rebuild tool to improve trust in open source packages

      July 23, 2025

      AI-enabled software development: Risk of skill erosion or catalyst for growth?

      July 23, 2025

      BrowserStack launches Figma plugin for detecting accessibility issues in design phase

      July 22, 2025

      Power bank slapped with a recall? Stop using it now – here’s why

      July 23, 2025

      I recommend these budget earbuds over pricier Bose and Sony models – here’s why

      July 23, 2025

      Microsoft’s big AI update for Windows 11 is here – what’s new

      July 23, 2025

      Slow internet speed on Linux? This 30-second fix makes all the difference

      July 23, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Singleton and Scoped Container Attributes in Laravel 12.21

      July 23, 2025
      Recent

      Singleton and Scoped Container Attributes in Laravel 12.21

      July 23, 2025

      wulfheart/laravel-actions-ide-helper

      July 23, 2025

      lanos/laravel-cashier-stripe-connect

      July 23, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      ‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

      July 23, 2025
      Recent

      ‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

      July 23, 2025

      Sam Altman is “terrified” of voice ID fraudsters embracing AI — and threats of US bioweapon attacks keep him up at night

      July 23, 2025

      NVIDIA boasts a staggering $111 million in market value per employee — since it became the world’s first $4 trillion company

      July 23, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-48390 – FreeScout Remote Code Injection Vulnerability

    CVE-2025-48390 – FreeScout Remote Code Injection Vulnerability

    May 29, 2025

    CVE ID : CVE-2025-48390

    Published : May 29, 2025, 4:15 p.m. | 47 minutes ago

    Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not removed. When checking user input, the file_exists function is also called to check for the presence of such a file (folder) in the file system. A user with the administrator role can create a translation for the language, which will create a folder in the file system. Further in tools.php, the user can specify the path to this folder as php_path, which will lead to the execution of code in backticks. This issue has been patched in version 1.8.178.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-48471 – FreeScout Apache Remote Code Execution Vulnerability
    Next Article CVE-2025-48389 – FreeScout Deserialization Vulnerability (Arbitrary Code Execution)

    Related Posts

    Development

    UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

    July 23, 2025
    Development

    Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

    July 23, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-32297 – Quantumcloud Simple Link Directory SQL Injection

    Common Vulnerabilities and Exposures (CVEs)

    ONLYOFFICE 9.0 Released with New Themes, AI Tools + More

    Linux

    CVE-2025-6115 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Elon Musk’s Grok 3 AI coming to Azure proves Satya Nadella’s allegiance isn’t to OpenAI, but to maximizing Microsoft’s profit gains by heeding consumer demands

    News & Updates

    Highlights

    News & Updates

    UniteLabs secures €2.77M to become the ‘Operating System’ for the modern biotech lab

    April 3, 2025

    UniteLabs, a German startup specialising in lab automation for biotechnology, has raised €2.77 million in…

    CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

    June 16, 2025

    Tropy – explore your research photos

    May 30, 2025

    openVidu is a platform to develop WebRTC real-time applications

    May 17, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.