CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25687

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile35.48th
PublishedApr 5, 2026
Last ModifiedApr 24, 2026

Vulnerability Description

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.

Affected Platforms (CPE)

๐Ÿ“ฆ
Wisdom

Pegasus Cms

= 1.0

References & Advisories

๐Ÿ”— https://www.exploit-db.com/exploits/46542
๐Ÿ”— https://www.vulncheck.com/advisories/pegasus-cms-remote-code-execution-via-extra-fields-php
๐Ÿ”— https://www.wisdom.com.au/web/pegasus-cms

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...