Eveo Urve Web Manager vulnerabilities
2 known vulnerabilities affecting eveo/urve_web_manager.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-36845 | P2 | HIGH | CVSS 8.6 | CWE-918 | PoC | v27.02.2025 | 2025-07-21
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
Source: NVD
CVE-2025-36846 | P2 | CRITICAL | CVSS 9.8 | v27.02.2025 | 2025-07-21
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec() function of PHP. NOTE: this can be chained with CVE-2025-36845.
Source: NVD