CVE-2025-34030 Scanner
CVE-2025-34030 Scanner - Remote Code Execution (RCE) vulnerability in sar2html
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
10 days 19 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
The sar2html application is a popular tool used for graphically viewing and analyzing system activity reports (SAR) data. It is commonly used among system administrators and IT professionals for monitoring system performance and troubleshooting. Sar2html is designed to convert SAR data into an easy-to-read HTML format. Organizations rely on sar2html for comprehensive system performance analysis, making it a crucial tool in server management and optimization tasks. The software is often deployed on web servers, allowing remote access to system performance metrics.
The vulnerability detected is a Remote Code Execution (RCE) weakness in the sar2html product. This allows attackers to insert and execute harmful code via the plot parameter of the index.php file. The issue arises due to insufficient input validation of the plot parameter, leaving the system open to OS command injection. This vulnerability can be exploited by unauthenticated attackers over the network, posing a severe threat to any system running the affected version of sar2html.
Technical details reveal that the vulnerability resides in the lack of sanitation within the plot parameter of the index.php script. By appending shell metacharacters to this parameter, attackers can insert and execute arbitrary code on the server. The HTTP request containing the exploit is crafted to inject OS commands directly, which are executed in the web application process context. This lack of proper input validation and handling makes the vulnerability critical and relatively easy to exploit.
If exploited by malicious actors, this vulnerability can lead to unauthorized remote command execution on the server hosting sar2html. The attacker can gain control over the server, potentially leading to data theft, service disruptions, or the deployment of further malicious software. Additionally, this could compromise the confidentiality, integrity, and availability of data and services hosted on the affected system.
REFERENCES
