Plattform
php
Komponente
pegasus-cms
Behoben in
1.0.1
CVE-2019-25687 represents a critical Remote Code Execution (RCE) vulnerability discovered in Pegasus CMS. This flaw allows unauthenticated attackers to execute arbitrary commands on a vulnerable system, potentially leading to complete system compromise. The vulnerability affects versions 1.0.0 through 1.0, and a fix is pending release from the vendor.
The impact of CVE-2019-25687 is severe. An attacker can exploit this vulnerability to execute arbitrary code on the web server hosting the Pegasus CMS installation. This could lead to complete system takeover, data exfiltration, malware deployment, and denial of service. The lack of authentication required for exploitation significantly broadens the attack surface. Successful exploitation could allow an attacker to modify website content, steal sensitive data stored within the CMS, or pivot to other systems on the network if the web server has access to internal resources. The potential for widespread damage is high, particularly given the CMS's use in various web applications.
CVE-2019-25687 was publicly disclosed on 2026-04-05. While no active exploitation campaigns have been definitively linked to this CVE, the ease of exploitation and the lack of authentication make it a high-priority target. The vulnerability's reliance on eval functions is reminiscent of other code injection vulnerabilities, increasing the likelihood of automated scanning and exploitation attempts. No KEV listing is currently available.
Organizations running Pegasus CMS version 1.0.0–1.0, especially those with publicly accessible instances, are at significant risk. Shared hosting environments are particularly vulnerable, as a compromised CMS installation can potentially impact other websites hosted on the same server. Systems with weak firewall configurations or lacking intrusion detection systems are also at increased risk.
• php: Examine web server access logs for POST requests to submit.php with unusual or suspicious data in the action parameter. Look for patterns indicative of PHP code injection.
grep 'action=[a-zA-Z0-9;+\/\*\(\)"' /var/log/apache2/access.log• php: Search the extra_fields.php file for instances of the eval() function and assess if input validation is performed before its usage.
grep 'eval(' extra_fields.php• generic web: Monitor network traffic for POST requests to submit.php originating from unusual IP addresses or exhibiting suspicious user agent strings.
• generic web: Check for newly created files or modified files within the Pegasus CMS installation directory, particularly those with PHP extensions, which could indicate successful code execution.
disclosure
Exploit-Status
EPSS
0.39% (60% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2019-25687 is to immediately upgrade Pegasus CMS to a patched version as soon as it becomes available. If upgrading is not immediately feasible, implement temporary workarounds. A Web Application Firewall (WAF) can be configured to block requests to the submit.php endpoint with suspicious payloads, specifically those containing PHP code. Input validation on the action parameter should be implemented to sanitize user-supplied data and prevent the execution of malicious code. Review and restrict file permissions to limit the attacker's ability to write to sensitive locations. After upgrade, confirm by attempting to trigger the vulnerable endpoint with a known malicious payload and verifying that it is blocked.
Actualice a una versión segura de Pegasus CMS que corrija la vulnerabilidad de ejecución remota de código en el archivo extra_fields.php. Verifique las fuentes oficiales de Pegasus CMS para obtener información sobre las actualizaciones disponibles y las instrucciones de instalación. Como medida preventiva, desactive el plugin extra_fields.php hasta que se pueda aplicar una actualización segura.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2019-25687 is a critical Remote Code Execution vulnerability in Pegasus CMS versions 1.0.0–1.0, allowing attackers to execute arbitrary commands without authentication.
If you are running Pegasus CMS version 1.0.0–1.0 and have not applied a patch, you are vulnerable to this RCE vulnerability.
Upgrade to a patched version of Pegasus CMS as soon as it becomes available. Until then, implement input validation and disable the eval function in extra_fields.php.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target for attackers.
Refer to the Pegasus CMS website or security mailing lists for official advisories and updates regarding this vulnerability.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.