CVE-2020-37186

CRITICAL WAF: Medium

CVSS 9.8 Published: 2026-02-11

CWE-94

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a crafted POST request.

WAF Coverage Analysis

Code Injection Medium WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution 933xxx - PHP Injection 934xxx - Node.js / Generic Injection

References

chevereto.com
github.com
www.exploit-db.com
www.vulncheck.com

Back to CVE Database