CVE-2020-37123

CRITICAL EXPLOITED NUCLEI

Pinger 1.0 - RCE

Title source: llm

Description

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

Exploits (1)

exploitdb WORKING POC

by Milad karimi · textwebappsphp

https://www.exploit-db.com/exploits/48323

View Code ZIP pw:eip

Nuclei Templates (1)

Pinger 1.0 - Remote Code Execution

CRITICALVERIFIEDby bswearingen

References (3)

[Various Sources] https://github.com/wcchandler/pinger

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48323

[Third Party Advisory] https://www.vulncheck.com/advisories/pinger-remote-code-execution

Scores

CVSS v3 9.8

EPSS 0.1655

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-03-16

CWE

CWE-78

Status published

Products (1)

wcchandler/Pinger 1.0

Published Feb 05, 2026

Tracked Since Feb 18, 2026