Skip to main content

Themisnetpanel

1 CVEs product

Monthly

CVE-2026-6847 CRITICAL Act Now

Remote code execution in ThemisNETPanel (vendor 4real) allows unauthenticated network attackers to fully compromise the underlying server by abusing a file-upload endpoint that lacks any authentication check. An attacker submits a base64-encoded PHP payload, writes it as an arbitrary PHP file, and executes it in the web application's context. Reported by CERT-PL with a CVSS 4.0 base score of 9.3; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass File Upload RCE PHP Themisnetpanel
NVD
CVSS 4.0
9.3
EPSS
0.6%
EPSS 1% CVSS 9.3
CRITICAL Act Now

Remote code execution in ThemisNETPanel (vendor 4real) allows unauthenticated network attackers to fully compromise the underlying server by abusing a file-upload endpoint that lacks any authentication check. An attacker submits a base64-encoded PHP payload, writes it as an arbitrary PHP file, and executes it in the web application's context. Reported by CERT-PL with a CVSS 4.0 base score of 9.3; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass File Upload RCE +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy