Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code execution and complete compromise.
The flaws, tracked as CVE-2025-47227 and CVE-2025-47228, affect the Production Environment module (also known as the “prod console”), which is commonly deployed alongside web applications for database and directory management, as per a report by Synacktiv.
https://gbhackers.com/scriptcase-vulnerabilities/