CVSS 4.0 score: 6.9

Tosei Online Store Management System Allows Remote Code Execution

CVE-2026-2944
Summary

A security flaw in the monitoring feature (/cgi-bin/monitor.php) of the Tosei Online Store Management System allows an attacker to execute operating system commands on the system. This can happen if an attacker sends an HTTP POST request with a manipulated DevId argument. We recommend updating the system to the latest version to fix this issue and prevent potential attacks.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
tosei-corporation | online_store_management_system | 1.01 |
Original title
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Han...
Original description
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
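
With no fix listed, one defensive option is to screen recorded POST requests to /cgi-bin/monitor.php for DevId values that fall outside an allowlist. The following Python is an added example, not code from the vendor or the advisory; it assumes request bodies are captured as form-encoded text (for instance by a reverse proxy) and that legitimate device IDs are short alphanumeric tokens, and the function names and sample records are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

AFFECTED_PATH = "/cgi-bin/monitor.php"  # endpoint named in the advisory
PARAM = "DevId"                         # argument named in the advisory
# Assumption: legitimate device IDs are short alphanumeric tokens.
SAFE_DEVID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def suspicious_devids(method, url, body):
    """Return the decoded DevId values in one request that fail the allowlist."""
    if method.upper() != "POST":
        return []
    # Normalise the path so /cgi-bin/./monitor.php is still matched.
    path = posixpath.normpath(unquote(urlsplit(url).path))
    if path != AFFECTED_PATH:
        return []
    # parse_qs decodes %XX and '+', and keeps every repeated parameter.
    fields = parse_qs(body, keep_blank_values=True)
    return [v for v in fields.get(PARAM, []) if not SAFE_DEVID.fullmatch(v)]


def scan(records):
    """Map record index -> offending values for every flagged request."""
    hits = {}
    for i, (method, url, body) in enumerate(records):
        bad = suspicious_devids(method, url, body)
        if bad:
            hits[i] = bad
    return hits


# Constructed sample records (method, URL, form-encoded body); not real traffic.
SAMPLE = [
    ("POST", "/cgi-bin/monitor.php", "DevId=WM0012"),
    ("POST", "/cgi-bin/monitor.php", "DevId=WM0012%3BEXAMPLE"),
    ("POST", "/cgi-bin/./monitor.php", "DevId=WM0012&DevId=A%7CB"),
    ("GET", "/index.html", ""),
    ("POST", "/cgi-bin/monitor.php", "DevId="),
]

if __name__ == "__main__":
    for idx, values in scan(SAMPLE).items():
        print(f"record {idx}: suspicious {PARAM} values {values!r}")
```

The allowlist is checked against the decoded value and against every repeated DevId field, so percent-encoded metacharacters and a second DevId appended to a benign one are both reported.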
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-77 Command Injection
CWE-78 OS Command Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026