Command Injection Vulnerability in KaiYuanTong ECT Platform Affects Remote Functionality
CVE-2025-0328
6.9MEDIUM
What is CVE-2025-0328?
A command injection vulnerability exists within the KaiYuanTong ECT Platform, particularly in the /public/server/runCode.php file used for handling HTTP POST requests. An attacker can manipulate the 'code' argument, potentially allowing unauthorized commands to be executed on the server. This issue can be exploited remotely, exposing the system to significant risks. Despite prior notification to the vendor, no response has been received regarding the problem.
Affected Version(s)
ECT Platform 2.0