CyberSecurityBoard
Sponsor Register Login

ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access

The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous versions likely vulnerable as well. The exploit involves three steps: first, a GET request to login.php sets the session variable to true; second, a request to secureimage.php obtains a CAPTCHA challenge; finally, a POST request with the action nm_action=change_pass successfully resets the administrator password. Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers. Two severe CVE-tracked flaws in ScriptCase Production Environment module allow complete server takeover. The researchers developed an automated exploitation script that chains both vulnerabilities, includes CAPTCHA solving capabilities using OCR techniques, and can detect ScriptCase deployment paths automatically. The vulnerability exploits a timing issue where the session variable nm_session.prod_v8.login.is_page is set after the initial AJAX request processing. The nmPageAdminSysAllConectionsCreateWizard.class.php file contains a shell injection vulnerability in the GetListDatabaseNameMySql() function, where user input is directly concatenated into SSH commands without proper sanitization. Password reset bypass and shell injection result in full system access in three easy steps. The discovered vulnerabilities by the SYNACTIV team allow attackers to compromise servers without any authentication requirements at all. This completely bypasses authentication and grants administrative access to the Production Environment console. The vulnerability allows execution of arbitrary system commands with web server privileges, typically www-data. ScriptCase has not released official patches for either CVE-2025-47227 (authentication bypass) or CVE-2025-47228 (shell injection) as of the public disclosure date.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Jul 2025 08:55:15 +0000


Cyber News related to ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access

ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access - The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous versions likely vulnerable as well. The exploit ...
6 months ago Cybersecuritynews.com CVE-2025-47227
CVE-2024-8940 - Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to ...
1 year ago Tenable.com
CVE-2024-8941 - Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or ...
1 year ago Tenable.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
2 years ago Securityboulevard.com
Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
1 year ago Feeds.dzone.com
Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
2 years ago Unit42.paloaltonetworks.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
5 months ago Cybersecuritynews.com
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
2 years ago Feeds.dzone.com
Why CVEs Are an Incentives Problem - I've been thinking about some of these unintended consequences in the context of a growing problem faced by all of us in cybersecurity: how a fast-rising tide of software vulnerabilities tracked as common vulnerabilities and exposures - are reported ...
1 year ago Darkreading.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
2 years ago Wordfence.com
Microsoft Patch Tuesday 2024: 49 Vulnerabilities are fixed - Microsoft released its first patch on Tuesday, 2024, in which nearly 49 vulnerabilities have been fixed in Microsoft products and 5 vulnerabilities in non-Microsoft products. Among these 49 vulnerabilities, there were 12 remote code execution ...
2 years ago Cybersecuritynews.com CVE-2024-20674 CVE-2024-20700 CVE-2024-0057
The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
2 years ago Doublepulsar.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
9 months ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads - Organizations using Ray, the open source framework for scaling artificial intelligence and machine learning workloads, are exposed to attacks via a trio of as yet unpatched vulnerabilities in the technology, researchers said this week. Potentially ...
2 years ago Darkreading.com CVE-2023-48023 CVE-2023-48022 CVE-2023-6021
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
10 months ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-53704 CVE-2024-52875 CVE-2023-20198 CVE-2023-20273 Winnti Group
Cisco Smart Licensing Utility Vulnerabilities Let Attackers Gain Admin Access - Two critical vulnerabilities were actively exploited in Cisco Smart Licensing Utility, potentially allowing attackers to gain administrative access to affected systems. The vulnerabilities, discovered in September 2024 but now seeing active ...
9 months ago Cybersecuritynews.com CVE-2024-20439
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
10 months ago Cybersecuritynews.com CVE-2024-5594
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Creating a formula for effective vulnerability prioritization - In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset ...
2 years ago Helpnetsecurity.com
ShadowRay Vulnerability: 6 Lessons for AI & Cybersecurity - This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn't intend to fix it. The dispute between Ray's developers and security researchers highlights hidden assumptions and teaches lessons for AI security, ...
1 year ago Esecurityplanet.com CVE-2023-48022
Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches - Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), ...
6 months ago Cybersecuritynews.com
US offering $15m for info on ALPHV/Blackcat ransomware crew The Register - Infosec in brief The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out the APLHV/Blackcat ransomware gang. ALPHV has made a habit of going after critical infrastructure targets, and last week ...
1 year ago Go.theregister.com CVE-2024-23816 CVE-2023-51440 CVE-2024-22042
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
1 year ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)