Critical severityNVD Advisory· Published Mar 25, 2025· Updated Apr 15, 2026
CVE-2025-30091
CVE-2025-30091
Description
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <4.0.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.