QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the product.
History
Tue, 02 Sep 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 |
Wed, 27 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 |
Wed, 27 Aug 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products | Aditus; Aditus jpgraph |
Wed, 04 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
cvssV3_1
|
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T15:14:32.026Z
Reserved: 2024-06-21T00:00:00.000Z
Link: CVE-2024-39165

Updated: 2024-08-02T04:19:20.531Z

Status : Awaiting Analysis
Published: 2024-07-04T13:15:10.023
Modified: 2025-09-02T16:15:37.880
Link: CVE-2024-39165
