4 matches found
CVE-2018-12909
Webgrind
CVE-2012-1790
CVE-2012-1790 affects Webgrind 1.0 and 1.0.2, enabling absolute path traversal via the file parameter to index.php. Exploitation allows reading arbitrary files; multiple sources (NVD, Veracode, PRION, CVE lists) corroborate the path traversal description. No vendor-specific patch/version is provi...
CVE-2023-54339
Webgrind 1.1 is affected by a remote command execution vulnerability in index.php via the unvalidated dataFile parameter. An unauthenticated attacker can inject and execute OS commands (example payload: '0%27%26calc.exe%26%27'). The issue stems from dataFile handling, enabling arbitrary system co...
CVE-2023-54341
Webgrind 1.1 and earlier are affected by a reflected XSS via the file parameter in index.php. The vulnerability arises from insufficient encoding of user-controlled input, allowing unauthenticated attackers to inject arbitrary JavaScript by crafting malicious URLs. Affected component: Webgrind (P...