2025-09-16 19:40:41
VulnCheck
PUBLISHED
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the passwd HTTP POST parameter, leading to full system compromise or denial of service.