exploitDog

CVE-2023-54339

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

Ссылки

http://github.com/jokkedk/webgrind/
Product
https://www.exploit-db.com/exploits/51074
Exploit
https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameter
Third Party Advisory
https://www.exploit-db.com/exploits/51074
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webgrind_project:webgrind:*:*:*:*:*:*:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 64%

0.00475

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-pcqr-mvp3-63jx

CVSS3: 9.8

github

24 дня назад

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

EPSS

Процентиль: 64%

0.00475

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78