CVE-2022-30887
Published: 2022-05-20
Priority: P2 · 61 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 24.83% (97.6th percentile)
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pharmacy_management_system_project | pharmacy_management_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor for file upload requests targeting /php_action/editProductImage.php in Pharmacy Management System v1.0; this is the vulnerable endpoint for RCE via a crafted image file upload.
- The RCE is triggered by a crafted image file upload: the application fails to properly validate uploaded file types, allowing server-side code execution through the image upload functionality.
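The two points above (watch the upload endpoint; the app does not validate file types) can both be turned into working code. The following is an added example, not code from the Pharmacy Management System project or from this page's sources. It does two things: it scans web-server access-log lines for POSTs to /php_action/editProductImage.php and for later requests to script files in the upload directory, and it shows the upload validation the application is described as lacking (extension allowlist on the last extension, image magic bytes, agreement between the two, and rejection of embedded PHP tags). The log lines are constructed, and the upload directory `/uploads/` is an assumption; the real path in the application is not given on this page.

```python
import os
import re
from dataclasses import dataclass

# Constructed Apache combined-format log lines (not real traffic).
# The /uploads/ directory is an ASSUMED location for stored product images.
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2022:10:01:11 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2022:10:01:40 +0000] "POST /php_action/editProductImage.php HTTP/1.1" 200 87 "-" "python-requests/2.27"
203.0.113.7 - - [20/May/2022:10:01:42 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 412 "-" "python-requests/2.27"
198.51.100.3 - - [20/May/2022:10:02:05 +0000] "GET /uploads/123.png HTTP/1.1" 200 20481 "-" "Mozilla/5.0"
"""

VULN_ENDPOINT = "/php_action/editProductImage.php"   # from the advisory
UPLOAD_DIR = "/uploads/"                              # assumption, see lead-in
SCRIPT_EXT = (".php", ".phtml", ".php3", ".php5", ".phar")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Alert:
    ip: str
    ts: str
    rule: str
    path: str


def scan(log_text: str) -> list[Alert]:
    """Flag uploads to the vulnerable endpoint and any later execution of a
    script file from the upload directory. Returns alerts in log order."""
    alerts: list[Alert] = []
    uploaders: set[str] = set()           # IPs seen POSTing to the endpoint
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip malformed lines
        path = m["path"].split("?", 1)[0]  # drop the query string
        if m["method"] == "POST" and path == VULN_ENDPOINT:
            alerts.append(Alert(m["ip"], m["ts"], "upload-to-vulnerable-endpoint", m["path"]))
            uploaders.add(m["ip"])
        elif path.startswith(UPLOAD_DIR) and path.lower().endswith(SCRIPT_EXT):
            rule = "script-exec-in-upload-dir"
            if m["ip"] in uploaders:
                rule += " (after upload)"  # same source already hit the endpoint
            alerts.append(Alert(m["ip"], m["ts"], rule, m["path"]))
    return alerts


# Image signatures; the key is the leading bytes, the value the canonical type.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}


def validate_image_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """The check the vulnerable handler is described as missing.
    Uses the LAST extension only (defeats shell.php.png-style double
    extensions when combined with the magic-byte check), requires a known
    image header, requires header and extension to agree, and rejects
    PHP tags anywhere in the body (image/PHP polyglots)."""
    name = os.path.basename(filename)
    if "." not in name:
        return False, "no extension"
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXT:
        return False, f"extension .{ext} not allowed"
    kind = next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)
    if kind is None:
        return False, "unrecognised image header"
    if (kind == "jpg" and ext not in {"jpg", "jpeg"}) or (kind != "jpg" and kind != ext):
        return False, "extension/content mismatch"
    if b"<?php" in data or b"<?=" in data:
        return False, "embedded PHP tag"
    return True, f"{kind} ok"


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.ip} {a.rule}: {a.path}")
    print(validate_image_upload("shell.php.png", b"<?php system($_GET['c']); ?>"))
```

The validator is defence in depth only: even with these checks, the stored file should be written under a server-chosen random name with the vetted extension, and the upload directory should never be served through the PHP handler.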
CVSS provenance
- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No public exploits indexed.
arXiv · 2026-01-27
RvB: Automating AI System Hardening via Iterative Red-Blue Games
## Abstract
The dual offensive and defensive utility of Large Language Models (LLMs) highlights a critical gap in AI security: the lack of unified frameworks for dynamic, iterative adversarial adaptation hardening. To bridge this gap, we propose the Red Team vs. Blue Team (RvB) framework, formulated as a training-free, sequential, imperfect-information game. In this process, the Red Team exposes vulnerabilities, driving the Blue Team to learning effective solutions without parameter updates. We validate our framework across two challenging domains: dynamic code hardening against CVEs and guardrail optimization against jailbreaks. Our empirical results show that this interaction compels the Blue Team to learn fundamental defensive principles, leading to robust remediations that are not mer
arXiv · 2025-10-13
PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities
## Abstract
The increasing autonomy of Large Language Models (LLMs) necessitates a rigorous evaluation of their potential to aid in cyber offense. Existing benchmarks often lack real-world complexity and are thus unable to accurately assess LLMs' cybersecurity capabilities. To address this gap, we introduce PACEbench, a practical AI cyber-exploitation benchmark built on the principles of realistic vulnerability difficulty, environmental complexity, and cyber defenses. Specifically, PACEbench comprises four scenarios spanning single, blended, chained, and defense vulnerability exploitations. To handle these complex challenges, we propose PACEagent, a novel agent that emulates human penetration testers by supporting multi-phase reconnaissance, analysis, and exploitation.
Extensive ex