CVE-2020-37123

CRITICAL EXPLOITED NUCLEI

Pinger 1.0 - Remote Code Execution via Ping and Socket Parameter Injection

Title source: llm

Exploitation Summary

CVE-2020-37123 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Milad karimi. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in Pinger 1.0, where the 'ping' and 'socket' GET parameters are passed unsanitized to shell_exec(), allowing arbitrary command execution. The PoC shows how to write a PHP file to the server via command injection.

Description

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

Exploits (1)

exploitdb WORKING POC
by Milad karimi · text · webapps · php
https://www.exploit-db.com/exploits/48323


Classification
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Pinger 1.0
No auth needed
Prerequisites: Network access to the vulnerable application · PHP and shell_exec enabled on the target server
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Pinger 1.0 - Remote Code Execution
CRITICAL · VERIFIED · by bswearingen

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48323
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/pinger-remote-code-execution

Scores

CVSS v3 9.8
EPSS 0.0314
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-03-16
CWE CWE-78
Status published
Products (1)
wcchandler/Pinger 1.0
Published Feb 05, 2026
Tracked Since Feb 18, 2026