CVE-2023-54341

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...

CVE-2018-12909

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...

CVE-2012-1790

Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php...

webgrind 1.0 - 'file' Local File Inclusion

webgrind 1.0 file param Local File Inclusion Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 v1.02 in trunk on github Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a file...