Tiny MoxieManager PHP Remote Code Execution Vulnerability in Installer Command

Vulnerability

A remote code execution vulnerability has been identified in Tiny MoxieManager PHP versions prior to 4.0.0. The issue arises in the installer command, where unauthenticated attackers can inject and execute arbitrary code. The InstallCommand remains accessible after the installation process is complete, and it allows attacker-controlled data to be inserted into the config.php file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Tiny MoxieManager is installed.

Remediation

Users are advised to update to Tiny MoxieManager PHP version 4.0.0 or later, where this vulnerability has been patched. Additionally, the 'install' directory should be manually deleted after installation to prevent exploitation.
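The following audit script is an added example, not code from the MoxieManager project. It walks a web root and reports every directory that still has an 'install' directory next to a config.php file. The side-by-side layout, the sample paths and the function names are assumptions.

```python
import os
import tempfile
from pathlib import Path

INSTALL_DIR = "install"      # directory name from the advisory
CONFIG_FILE = "config.php"   # file name from the advisory


def find_leftover_installers(web_root):
    """Report directories under web_root holding both config.php and install/.

    Assumption: the installer directory sits beside config.php.
    """
    findings = []
    for current, dirs, files in os.walk(web_root):
        if CONFIG_FILE in files and INSTALL_DIR in dirs:
            installer = Path(current) / INSTALL_DIR
            findings.append({
                "deployment": current,
                "installer": str(installer),
                # Files still shipped in the installer directory.
                "installer_files": sum(len(f) for _, _, f in os.walk(installer)),
                # Writable by the account running this audit, which may
                # differ from the web server account.
                "config_writable": os.access(Path(current) / CONFIG_FILE, os.W_OK),
            })
            dirs.remove(INSTALL_DIR)  # do not descend into the installer itself
    return sorted(findings, key=lambda f: f["deployment"])


def build_sample_tree(root):
    """Constructed sample: one deployment with a leftover installer, one cleaned."""
    for name, keep in (("site-a/moxiemanager", True), ("site-b/moxiemanager", False)):
        base = Path(root) / name
        base.mkdir(parents=True)
        (base / CONFIG_FILE).write_text("<?php // constructed placeholder\n")
        if keep:
            (base / INSTALL_DIR).mkdir()
            (base / INSTALL_DIR / "index.php").write_text("<?php // placeholder\n")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_leftover_installers(root)


if __name__ == "__main__":
    for finding in demo():
        print("leftover installer:", finding["installer"],
              "| config writable:", finding["config_writable"])
```

Point `find_leftover_installers` at the real document root; any finding is a deployment where the remediation step above has not been carried out.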

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 10.0
exploitability: 8.1
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.