magdesign/PocketVJ-CP-v3

magdesign/PocketVJ-CP-v3

www.pocketvj.com

Releases1

Frequency

Last Release almost 2 years ago

Stars170

PocketVJ 3.x Control Panel

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63334 ↗	Nov 5, 2025Wednesday, 5 November 2025, 20:15	9.8 CRITICAL	—
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system.
CVE-2025-45326 ↗	Sep 23, 2025Tuesday, 23 September 2025, 19:15	6.5 MEDIUM	—
An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component.