LOW
546669204
CVE published 2026-05-23
CVE-2026-9302
A code injection vulnerability exists in the vps-inventory-monitoring project (GitHub user 546669204) affecting versions up to commit 98c00b370668c96ae75e91c15548d9ea113652d9. The vulnerability resides in the `eval` function within `app/index/command/VpsTest.php` of the VpsTest Console component. An attacker with low privileges can remotely inject and execute arbitrary code by manipulating the `vf` argume [truncated]