CVE-2020-37123

CRITICAL WAF: High

CVSS 9.8 Published: 2026-02-05

CWE-78

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

WAF Coverage Analysis

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

github.com
www.exploit-db.com
www.vulncheck.com

Back to CVE Database