An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
History

Thu, 29 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
Title MICI Network Co. Ltd. NetFax Server Command Injection
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2025-05-29T12:36:13.667Z

Updated: 2025-05-29T13:15:14.119Z

Reserved: 2025-05-15T13:38:26.770Z

Link: CVE-2025-48047

cve-icon Vulnrichment

Updated: 2025-05-29T13:14:58.953Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-29T13:15:25.887

Modified: 2025-05-29T14:29:50.247

Link: CVE-2025-48047

cve-icon Redhat

No data.