Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

NVD
NVDadded 2026/01/13 11:16 p.m.2 views

CVE-2023-54339

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...

9.8CVSS0.00864EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/01/13 10:52 p.m.3 views

CVE-2023-54339 Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...

9.8CVSS7.7AI score0.00864EPSS
Exploits1References3
CVE
CVEadded 2026/01/13 10:52 p.m.7 views

CVE-2023-54339

Webgrind 1.1 is affected by a remote command execution vulnerability in index.php via the unvalidated dataFile parameter. An unauthenticated attacker can inject and execute OS commands (example payload: '0%27%26calc.exe%26%27'). The issue stems from dataFile handling, enabling arbitrary system co...

9.8CVSS7.7AI score0.00864EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/01/13 10:52 p.m.20 views

CVE-2023-54339 Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...

9.8CVSS0.00864EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/01/13 12:0 a.m.4 views

PT-2026-2429

Name of the Vulnerable Software and Affected Versions Webgrind version 1.1 Description Webgrind version 1.1 contains a remote command execution issue. Unauthenticated attackers can inject OS commands through the dataFile parameter in the ''index.php'' file. Attackers can execute arbitrary system...

9.8CVSS7.5AI score0.00864EPSS
Exploits1References5
Packet Storm
Packet Stormadded 2012/02/18 12:0 a.m.19 views

Webgrind 1.0 Cross Site Scripting

webgrind 1.0 dataFile Remote Reflected XSS Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a XSS vulnerability when parsing...

Exploits0
Rows per page
Query Builder