45 matches found
Webgrind <= 1.5 - Local File Inclusion
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer&file= URI id: CVE-2018-12909 info: name: Webgrind <= 1.5 - Local File Inclusion author: DhiyaneshDk severity: high...
CVE-2023-54341
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...
CVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...
CVE-2023-54341 Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) via file Parameter
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...
CVE-2023-54341
Webgrind 1.1 and earlier are affected by a reflected XSS via the file parameter in index.php. The vulnerability arises from insufficient encoding of user-controlled input, allowing unauthenticated attackers to inject arbitrary JavaScript by crafting malicious URLs. Affected component: Webgrind (P...
CVE-2023-54339
Webgrind 1.1 is affected by a remote command execution vulnerability in index.php via the unvalidated dataFile parameter. An unauthenticated attacker can inject and execute OS commands (example payload: '0%27%26calc.exe%26%27'). The issue stems from dataFile handling, enabling arbitrary system co...
CVE-2023-54339 Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...
Webgrind Cross-Site Scripting Vulnerability
Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. A cross-site scripting vulnerability exists in Webgrind 1.1 and earlier versions, which stems from insufficiently encoded user input in the file parameter of index.php, and could lead to a reflectiv...
Webgrind OS Command Injection Vulnerability
Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. An operating system command injection vulnerability exists in Webgrind version 1.1, which stems from an unvalidated dataFile parameter in index.php, and could lead to the injection of operating syst...
PT-2026-2429
Name of the Vulnerable Software and Affected Versions Webgrind version 1.1 Description Webgrind version 1.1 contains a remote command execution issue. Unauthenticated attackers can inject OS commands through the dataFile parameter in the 'index.php' file. Attackers can execute arbitrary system...
PT-2026-2431
Name of the Vulnerable Software and Affected Versions Webgrind versions 1.1 and earlier Description The application does not adequately encode user-supplied data, enabling unauthenticated attackers to inject malicious scripts through the file parameter in the 'index.php' file. This allows attacke...
CVE-2018-12909
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...
Webgrind 1.1 Cross Site Scripting / Remote Code Execution
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...
Unspecified Vulnerability in Webgrind
Webgrind is a PHP execution time analysis tool. A security vulnerability exists in Webgrind version 1.5, which is caused by the program relying on user input to display files. The vulnerability can be exploited to view files on the local file system that are accessible to the Webserver us...