CRITICAL: CVE-2019-25687 (CVSS 9.8) — wisdom pegasus cms
CVE: CVE-2019-25687
CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Status: Critical advisory
Affected
- wisdom pegasus cms
Summary
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
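A detection sketch for the request pattern described in the summary, added here as an example and not taken from the advisory or the vendor. It assumes request bodies are available to the defender (for example from a WAF or reverse-proxy log), that the endpoint can be matched by a path ending in /submit.php, and that a legitimate action value is a short plain token; the function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate "action" value is a short plain token.
PLAIN_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Characters and keywords that PHP source needs but a plain token never has.
CODE_MARKERS = re.compile(
    r"[();$`{}]|<\?|\b(?:eval|system|exec|passthru|shell_exec|base64_decode)\b", re.I)


def check_request(method, url, body):
    """Return a reason string if the request matches the advisory pattern, else None."""
    if method.upper() != "POST":
        return None
    if not urlsplit(url).path.lower().endswith("/submit.php"):
        return None
    # parse_qs URL-decodes values, so %28 / %3B encoded markers are still seen.
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("action", []):
        if CODE_MARKERS.search(value):
            return "action parameter contains PHP code markers"
        if not PLAIN_TOKEN.fullmatch(value):
            return "action parameter is not a plain token"
    return None


def scan(records):
    """records: iterable of (client, method, url, body); returns flagged (client, reason)."""
    hits = []
    for client, method, url, body in records:
        reason = check_request(method, url, body)
        if reason:
            hits.append((client, reason))
    return hits


# Constructed sample records (not from the advisory), documentation address ranges.
SAMPLE = [
    ("192.0.2.10", "POST", "/submit.php", "action=save&title=hello"),
    ("198.51.100.7", "POST", "/cms/submit.php", "action=print%281%29%3B"),
    ("198.51.100.7", "GET", "/submit.php?action=save", ""),
    ("203.0.113.5", "POST", "/contact.php", "action=print(1);"),
    ("203.0.113.9", "POST", "/submit.php", "action=save+draft"),
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE):
        print(client, reason)
```

The plain-token rule is deliberately strict and will flag unusual but harmless values; tune it to the action values the site actually uses before alerting on it.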
Verified Sources
References
- https://www.exploit-db.com/exploits/46542
- https://www.vulncheck.com/advisories/pegasus-cms-remote-code-execution-via-extra-fields-php
- https://www.wisdom.com.au/web/pegasus-cms
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1] NVD
- [2] GitHub Advisory
- [3] MITRE