PT-2025-29556 · Op5 · Op5 Monitor

Hyp3Rlinx · Published 2025-07-15 · Updated 2025-07-15 · CVE-2025-34115

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OP5 Monitor versions through 7.1.9

Description

An authenticated command injection vulnerability exists in OP5 Monitor. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. The vulnerable parameter is cmd_str in the /command_test.php endpoint.

Recommendations

Update to version 7.2.0 or later.

Exploit

Fix

Missing Authentication

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-34115

Affected Products

Op5 Monitor