CVE-2025-30091

Severity CVSS v4.0:
CRITICAL
Type:
Unavailable / Other
Publication date:
25/03/2025
Last modified:
27/03/2025

Description

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.