CVE-2025-34030

Information

CVE_ID : CVE-2025-34030
Severity : CRITICAL
Published : 2025-06-20T19:15:37.343
LastModified : 2025-06-23T20:16:21.633
Updated : 2025-06-23T20:16:21.633
Status : Awaiting Analysis

Descriptions:

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system.


Known Exploitability

Exploitability : False

Vendor Affected

CVE-2025-34030

V4.0

Score : 10.0
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope :
Confidentiality Impact :
Integrity Impact :
Availability Impact :
Exploitability :
Impact Score :

V3.1

V3.0

V2.0

Vendor Product