← Back

Thesystem

thesystem

Vendor: Kostasmitroglou • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25441
1Kostasmitroglou
1Thesystem
Mar 12, 2026
Feb 20, 2026
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST reque...Show more
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.Show less
CVE-2019-25311
1Kostasmitroglou
1Thesystem
Mar 12, 2026
Feb 11, 2026
5.1 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in...Show more
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.Show less