CVE-2020-37123
published 2026-02-05


Priority: P181, critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.14% (86.3th percentile)

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

Affected

1 ranges
Vendor: wcchandler
Product: pinger
Version range: (none listed)
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

path: /ping.php
command: ping=127.0.0.1;echo+{{md5('CVE-2020-37123')}}
url: POST /ping.php HTTP/1.1
  • Send a POST request to /ping.php with a 'ping' parameter containing a semicolon-delimited shell command (e.g., 127.0.0.1;<cmd>) and check the response body for command output to confirm RCE.
  • Probe the target root URL for the presence of the string 'ping.php' in the response body as a prerequisite indicator that the vulnerable Pinger 1.0 application is present.
  • Monitor HTTP POST requests to /ping.php with Content-Type: application/x-www-form-urlencoded where the 'ping' or 'socket' parameter values contain shell metacharacters (e.g., ';', '|', '`').
  • Exploitation requires two sequential HTTP steps: first a GET to the base URL to confirm 'ping.php' is present, then a POST to /ping.php with the injected payload. Single-step detection may miss the prerequisite check.
  • Both the 'ping' and 'socket' parameters are vulnerable to shell command injection; detection rules should cover both parameters, not just 'ping'.
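
The monitoring rule above can be sketched as a request filter. This is an added example, not code from the advisory or from the Pinger project; the function names, the sample requests and the metacharacters beyond ';', '|' and '`' are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# ';', '|' and '`' come from the page; '&', '$', '<', '>', parentheses and
# newlines are an added assumption about what never belongs in a host or port.
SHELL_META = re.compile(r"[;|`&$<>()\r\n]")
WATCHED_PARAMS = ("ping", "socket")  # the page says both are injectable


def suspicious_params(method, path, content_type, body):
    """Return the watched parameters whose decoded value holds a shell metacharacter."""
    if method.upper() != "POST":
        return []
    # Match on the last path segment so installs in a subdirectory are covered.
    script = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1].lower()
    if script != "ping.php":
        return []
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return []
    hits = set()
    # Split pairs on '&' only, then decode, so a raw ';' stays inside the value
    # and percent-encoded forms such as %3B or %7C are still seen.
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) in WATCHED_PARAMS and SHELL_META.search(unquote_plus(value)):
            hits.add(unquote_plus(name))
    return sorted(hits)


# Constructed sample requests: (method, path, content type, body).
FORM = "application/x-www-form-urlencoded"
SAMPLES = [
    ("POST", "/ping.php", FORM, "ping=127.0.0.1&socket=80"),
    ("POST", "/ping.php", FORM, "ping=127.0.0.1;echo+test&socket=80"),
    ("POST", "/tools/ping.php", FORM + "; charset=UTF-8", "ping=10.0.0.5&socket=80%7Cecho+test"),
    ("POST", "/ping.php", FORM, "ping=127.0.0.1%3Becho+test&socket=80%60echo+test%60"),
    ("GET", "/ping.php", "", ""),
]


def scan(samples):
    """Return {sample index: flagged parameters} for requests that match."""
    return {i: hits for i, s in enumerate(samples) if (hits := suspicious_params(*s))}


if __name__ == "__main__":
    for index, params in scan(SAMPLES).items():
        print(f"sample {index}: shell metacharacter in {', '.join(params)}")
```

Decoding before matching matters here: a rule that only looks for a literal ';' in the raw body misses the percent-encoded variants in the third and fourth samples.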

CVSS provenance

nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd (v4.0): 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck: 9.3 CRITICAL