CVE-2020-37123
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
12.2%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 2/5/2026
- Last Modified
- 2/5/2026
Frequently Asked Questions
What is CVE-2020-37123?
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
Is CVE-2020-37123 actively exploited?
Active exploitation of CVE-2020-37123 has not been confirmed. The EPSS score is 12.2%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2020-37123?
CVE-2020-37123 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
Is CVE-2020-37123 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.