VYPR

Pegasus CMS

by Wisdom

CVEs (1)

  • CVE-2019-25687CriApr 5, 2026
    risk 0.64cvss 9.8epss 0.01

    Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious…