BinSoft mpGabinet Remote Command Execution Vulnerability
Vulnerability
A remote command execution vulnerability exists in BinSoft mpGabinet versions through 23.12.19. This issue allows an authorized user with access to the application and the backend database to execute system commands. Exploitation involves uploading an attachment and altering its storage path in the database to point to an attacker-controlled remote resource. Alternatively, a previously uploaded file can be used by changing its reference. When the application processes the attachment and a user attempts to open it, the referenced resource is executed by the system. Notably, this vulnerability can be exploited by any unauthenticated attacker by combining it with CVE-2026-40550 and CVE-2026-40551, which provide database access and allow logging into any account.
Impact
Exploitation of this vulnerability leads to unauthorized remote command execution on the server where mpGabinet is hosted.
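A defender-side audit of stored attachment paths, added here as an example; it is not BinSoft's code and does not come from the advisory. The storage root, the row layout, and the premise that legitimate attachments are absolute Windows paths under one local directory are assumptions to adapt to the real deployment.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical storage root; replace with the directory your deployment uses.
STORAGE_ROOT = PureWindowsPath(r"C:\mpGabinet\Attachments")
URL_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")

def audit_path(stored, root=STORAGE_ROOT):
    """Return the reasons a stored attachment path is suspicious ([] = fine)."""
    value = stored.strip()
    if URL_SCHEME.match(value):
        return ["url-scheme"]            # http://, file://, ...
    normalized = value.replace("/", "\\")
    if normalized.startswith("\\\\"):
        return ["unc-or-device-path"]    # \\host\share, \\?\UNC\...
    path = PureWindowsPath(normalized)
    reasons = []
    if ".." in path.parts:
        reasons.append("parent-traversal")
    # PureWindowsPath compares case-insensitively, as Windows does.
    if root not in path.parents:
        reasons.append("outside-root")
    return reasons

def audit_rows(rows, root=STORAGE_ROOT):
    """rows: iterable of (attachment_id, stored_path). Returns {id: reasons}."""
    findings = {}
    for attachment_id, stored in rows:
        reasons = audit_path(stored, root)
        if reasons:
            findings[attachment_id] = reasons
    return findings

# Constructed sample rows, as they might come back from a SELECT on the
# attachment table (column layout is hypothetical).
SAMPLE_ROWS = [
    (1, r"C:\mpGabinet\Attachments\2023\scan_001.pdf"),
    (2, r"\\fileshare.example.test\drop\report.pdf"),
    (3, "http://files.example.test/report.pdf"),
    (4, r"C:\mpGabinet\Attachments\..\..\Users\Public\report.pdf"),
    (5, r"c:\MPGABINET\attachments\2023\scan_002.pdf"),
    (6, r"D:\Temp\report.pdf"),
]

if __name__ == "__main__":
    for attachment_id, reasons in audit_rows(SAMPLE_ROWS).items():
        print(attachment_id, ", ".join(reasons))
```

Run it against a periodic export of the attachment table; a finding means either a stored path was changed outside the normal upload flow or the storage-root assumption needs adjusting.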
