CVE-2020-37123 PUBLISHED

Pinger 1.0 - Remote Code Execution

Assigner: VulnCheck
Reserved: 03.02.2026 Published: 05.02.2026 Updated: 05.02.2026

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor wcchandler
Product Pinger
Versions
  • Version 1.0 is affected

Credits

  • Milad Karimi finder

References

Problem Types

  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE