Primary

Context

BrainyCP Remote Code Execution Vulnerability via Authenticated Crontab Manipulation

Vulnerability

A remote code execution vulnerability has been identified in BrainyCP version 1.0. This issue allows authenticated users to inject arbitrary commands through the crontab configuration interface. Exploitation involves adding a malicious command that creates a reverse shell to a specified IP address and port.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where BrainyCP is installed.

Reproduction

To reproduce this vulnerability, log into BrainyCP 1.0 as an authenticated user. Navigate to the crontab configuration interface and add a new cron job. In the command field, inject a command that spawns a reverse shell to your specified IP address and port. Once the cron job is executed, the reverse shell will connect back to your listener.

Added: Dec 19, 2025, 9:29 PM

Updated: Dec 19, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BrainyCP Remote Code Execution Vulnerability via Authenticated Crontab Manipulation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating