@mamdouhalrekabi-ops
Last active September 28, 2025 02:12
CVE-2025-45326: Remote Code Execution in PocketVJ CP pvj 3.9.1

Product: PocketVJ CP
Affected Versions: pvj 3.9.1
Vulnerability Type: Remote Code Execution (RCE)

Description:
An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. The vulnerable code calls the shell_exec(), exec(), and system() functions without properly sanitizing their input.

Attack Vector:
Remote HTTP POST request (Web-based injection).

Impact:
Successful exploitation allows attackers to execute arbitrary system commands.

Affected Component:
submit_size.php, specifically its calls to shell_exec(), exec(), and system().
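
Audit example (added here; not part of the original advisory and not PocketVJ code): a line-based Python check that flags calls to the three functions named above when their arguments come from request data without escapeshellarg() or an integer cast. The PHP sample, its parameter names and the /usr/bin/tool path are constructed for illustration; the real contents of submit_size.php are not shown on this page.

```python
import re

# The three PHP command-execution functions named in the advisory.
# The lookbehind skips curl_exec(), $pdo->exec() and variable functions.
SINKS = re.compile(r'(?<![\w>$])(shell_exec|exec|system)\s*\(')
SOURCE = re.compile(r'\$_(POST|GET|REQUEST|COOKIE)\b')
ASSIGN = re.compile(r'^\s*(\$\w+)\s*(\.?=)(?!=)\s*(.*)$')
# Heuristic: any of these on the line is treated as neutralising the input.
SAFE = re.compile(r'\bescapeshellarg\s*\(|\bintval\s*\(|\(int\)')
VAR = re.compile(r'\$\w+')

def audit_php(source):
    """Return (line number, sink, code) for sink calls fed by request data."""
    tainted, findings = set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:
            var, op, rhs = assign.groups()
            dirty = SOURCE.search(rhs) or tainted & set(VAR.findall(rhs))
            if dirty and not SAFE.search(rhs):
                tainted.add(var)          # variable now carries request data
            elif op == '=':
                tainted.discard(var)      # overwritten with a clean value
        sink = SINKS.search(line)
        if sink:
            args = line[sink.end():]
            dirty = SOURCE.search(args) or tainted & set(VAR.findall(args))
            if dirty and not SAFE.search(args):
                findings.append((lineno, sink.group(1), line.strip()))
    return findings

# Constructed sample input, not taken from PocketVJ.
SAMPLE = """<?php
$size = $_POST['size'];
$out = shell_exec("/usr/bin/tool --size " . $size);
$w = intval($_POST['width']);
system("/usr/bin/tool --width " . $w);
exec("/usr/bin/tool --name " . escapeshellarg($_POST['name']));
exec("/usr/bin/tool --mode " . $_REQUEST['mode']);
"""

if __name__ == "__main__":
    for lineno, sink, code in audit_php(SAMPLE):
        print(f"line {lineno}: {sink}() receives unsanitized request data: {code}")
```

The check works one line at a time, so multi-line statements and values passed through function calls need manual review.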

References:

CVE ID: CVE-2025-45326

Discoverer: Mamdouh Alrekabi
