CVE-2025-30091 Information

Description

In Tiny MoxieManager PHP before 4.0.0 remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php and InstallCommand is available after an installation has completed.

Reference

https://www.moxiemanager.com/changelog/ https://www.moxiemanager.com/documentation/SEC-1063.php