← Zuruck zu CVEs

CVE-2023-54339

CRITICAL

9.8

Beschreibung

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/13/2026

Zuletzt geandert2/3/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

webgrind_project:webgrind

Schwachen (CWE)

CWE-78

Referenzen

http://github.com/jokkedk/webgrind/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/51074(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameter(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/51074(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.