13 matches found
Web-Check < 2.0.1 Screenshot API - OS Command Injection
Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands. Exploitation requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...
📄 Web‑Check 1 Command Injection
A command injection vulnerability was identified in the Web-Check application's /api/screenshot endpoint. The issue stems from the backend function that spawns a Chromium screenshot process using child_process.exec with user-controlled input passed via the url query parameter. Because the input wa...
Web-Check Screenshot API Command Injection RCE
This module exploits a command injection vulnerability in Web-Check's /api/screenshot endpoint. The directChromiumScreenshot function uses child_process.exec with unsanitized user input, allowing command injection via URL query parameters. The vulnerability was patched in commit...
📄 Web-Check Screenshot API Command Injection
This Metasploit module exploits a command injection vulnerability in Web-Check's /api/screenshot endpoint. The directChromiumScreenshot function uses child_process.exec with unsanitized user input, allowing command injection via URL query parameters. The vulnerability was patched in commit...
VulnCheck KEV: CVE-2025-32778
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
Exploit for CVE-2025-32778
CVE-2025-32778 - Web-Check Command Injection Exploit !Criti...
CVE-2025-32778
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
CVE-2025-32778
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
CVE-2025-32778
CVE-2025-32778 affects Web-Check’s /api/screenshot endpoint. A user-controlled url is passed to a shell command via exec(), enabling command injection that could lead to arbitrary commands on the host. The issue is mitigated by replacing exec() with execFile(), which avoids a shell and properly i...
CVE-2025-32778 Web-Check allows command Injection via Unvalidated URL in Screenshot API
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
CVE-2025-32778 Web-Check allows command Injection via Unvalidated URL in Screenshot API
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
Web-Check Operating System Command Injection Vulnerability
Web-Check is a versatile OSINT tool for analyzing any website, by individual developer Alicia Sykes. Web-Check suffers from an operating system command injection vulnerability that stems from the screenshot API not sanitizing user input, which could lead to a command injection attack...
PT-2025-16396 · Webcheck · Webcheck
Name of the Vulnerable Software and Affected Versions: Web-Check (affected versions not specified). Description: A command injection issue exists in the screenshot API of the Web Check project, stemming from user-controlled input url being passed unsanitized into a shell command using exec,...