Vulnerabilities ›

CVE-2026-1192

High ⚡ Exploit Available

CWE-74 — Weakness Type

                    Published: Jan 19, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imode_alldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-1192 is a critical command injection vulnerability in Tosei Online Store Management System v1.01 affecting the /cgi-bin/imode_alldata.php endpoint. The DevId parameter lacks proper input validation, allowing remote attackers to execute arbitrary commands without authentication. With a CVSS score of 7.3 and publicly disclosed exploit code available, this poses an immediate threat to Saudi e-commerce and retail organizations using this system.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 12:01

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi e-commerce platforms, online retailers, and small-to-medium enterprises (SMEs) using Tosei's system for order management. High-risk sectors include: (1) Retail & E-commerce - direct compromise of sales systems and customer data; (2) Banking/Payment Processing - if integrated with payment gateways regulated by SAMA; (3) Logistics & Supply Chain - disruption of order fulfillment operations; (4) Government Procurement - if used in e-tendering systems. The lack of vendor response increases risk for Saudi organizations as no official patches may be forthcoming.

🏢 Affected Saudi Sectors

E-commerce & Retail Banking & Financial Services Payment Processing Logistics & Supply Chain Government Procurement Small-to-Medium Enterprises (SMEs)

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1059.003 - Command and Scripting Interpreter: Windows Command Shell T1059.004 - Command and Scripting Interpreter: Unix Shell T1078 - Valid Accounts (if chained with authentication bypass) T1133 - External Remote Services T1047 - Windows Management Instrumentation

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all instances of Tosei Online Store Management System v1.01 in your environment using network scanning tools

2. Isolate affected systems from internet-facing access immediately; restrict access to /cgi-bin/imode_alldata.php

3. Review access logs for the past 30 days for suspicious DevId parameter patterns



PATCHING GUIDANCE:

1. Contact Tosei Corporation directly for patch availability confirmation

2. If patch is available, apply immediately after testing in isolated environment

3. If no patch forthcoming, plan immediate migration to alternative e-commerce platform



COMPENSATING CONTROLS (if patching delayed):

1. Implement Web Application Firewall (WAF) rules to block requests containing shell metacharacters (|, ;, &, $, `, >, <) in DevId parameter

2. Deploy input validation: restrict DevId to alphanumeric characters only using regex: ^[a-zA-Z0-9]+$

3. Implement rate limiting on /cgi-bin/imode_alldata.php endpoint (max 10 requests/minute per IP)

4. Enable detailed logging of all requests to this endpoint with full parameter values

5. Run system in least-privilege mode; restrict PHP execution permissions



DETECTION RULES:

1. Monitor for HTTP requests to /cgi-bin/imode_alldata.php with DevId containing: pipe (|), semicolon (;), backtick (`), dollar sign ($), ampersand (&)

2. Alert on any process spawning from PHP process (apache/www-data user executing shell commands)

3. Monitor for unusual outbound connections from web server process

4. Log all failed authentication attempts to the affected endpoint

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ نظام إدارة متاجر Tosei الإصدار 1.01 في بيئتك باستخدام أدوات المسح

2. عزل الأنظمة المتأثرة عن الوصول المتصل بالإنترنت فوراً؛ تقييد الوصول إلى /cgi-bin/imode_alldata.php

3. مراجعة سجلات الوصول لآخر 30 يوماً للبحث عن أنماط مريبة في معامل DevId

إرشادات التصحيح:

1. التواصل مع Tosei Corporation مباشرة لتأكيد توفر التصحيح

2. إذا كان التصحيح متاحاً، طبقه فوراً بعد الاختبار في بيئة معزولة

3. إذا لم يكن التصحيح متاحاً، خطط للهجرة الفورية إلى منصة تجارة إلكترونية بديلة

الضوابط البديلة (إذا تأخر التصحيح):

1. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على أحرف shell (|، ;، &، $، `، >، <) في معامل DevId

2. نشر التحقق من الإدخال: تقييد DevId بأحرف أبجدية رقمية فقط باستخدام regex: ^[a-zA-Z0-9]+$

3. تطبيق تحديد معدل على نقطة النهاية /cgi-bin/imode_alldata.php (الحد الأقصى 10 طلبات/دقيقة لكل IP)

4. تفعيل السجلات التفصيلية لجميع الطلبات إلى هذه النقطة مع قيم المعاملات الكاملة

5. تشغيل النظام بأقل صلاحيات؛ تقييد صلاحيات تنفيذ PHP

قواعد الكشف:

1. مراقبة طلبات HTTP إلى /cgi-bin/imode_alldata.php مع DevId يحتوي على: pipe (|)، فاصلة منقوطة (;)، backtick (`)، علامة دولار ($)، ampersand (&)

2. تنبيه عند أي عملية تنبثق من عملية PHP (مستخدم apache/www-data ينفذ أوامر shell)

3. مراقبة الاتصالات الخارجية غير العادية من عملية خادم الويب

4. تسجيل جميع محاولات المصادقة الفاشلة على نقطة النهاية المتأثرة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Secure development policy and procedures ECC 2024 A.14.2.5 - Secure coding practices and code review ECC 2024 A.14.2.8 - System security testing before production ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

SAMA CSF ID.GV-1 - Organizational governance and risk management SAMA CSF PR.DS-6 - Data input validation and error handling SAMA CSF PR.IP-12 - Software development security practices SAMA CSF DE.CM-1 - Detection and monitoring of anomalous activity

🟡 ISO 27001:2022

ISO 27001:2022 A.8.1 - Asset management and inventory ISO 27001:2022 A.14.2.1 - Secure development policy ISO 27001:2022 A.14.2.5 - Secure coding practices ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Ensure security patches are installed within defined timeframe PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 11.2 - Vulnerability scanning and remediation

🔗 References & Sources 4

🔗

https://vuldb.com/?ctiid.341777

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.341777

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.734205

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://www.yuque.com/yuqueyonghuexlgkz/zepczx/keenhf9u2bnw5o6g

cna@vuldb.com

Exploit Third Party Advisory

📦 Affected Products / CPE 1 entries

tosei-corporation:online_store_management_system:1.01

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-74

EPSS2.23%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-01-19

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-1192

💬 Comments

Introduce Yourself

Sign In Required