PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.
2015-11-14T03:59:08.790
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pc-egg | pwebmanager | ≤ 3.3.9a | Yes |
| Application | pc-egg | pwebmanager | ≤ 2.2.2 | Yes |
| Application | php | php | 4.4.0 | No |
| Application | php | php | 4.4.1 | No |
| Application | php | php | 4.4.2 | No |
| Application | php | php | 4.4.3 | No |
| Application | php | php | 4.4.4 | No |
| Application | php | php | 4.4.5 | No |
| Application | php | php | 4.4.6 | No |
| Application | php | php | 4.4.7 | No |
| Application | php | php | 4.4.8 | No |
| Application | php | php | 4.4.9 | No |