CVE-2024-25415

Published February 16th, 2024

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.

capture0x/Phoenix

CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)

GitHub