CVE-2023-54339

Sažetak

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

Reference

http://github.com/jokkedk/webgrind/
https://www.exploit-db.com/exploits/51074
https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameter
https://www.exploit-db.com/exploits/51074

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

03-02-2026 - 19:21

Objavljeno

13-01-2026 - 23:16