Magdesign: >> Pocketvj Control Panel Firmware >> 3.9.1 Security Vulnerabilities
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-11-05
An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-23